Modification of automatic or manual rotation settings can keep older key material active longer than intended, decreasing cryptographic resilience and extending exposure in the event of key compromise.
Crypto / Key / Threats / DEV
Key Rotation is Disabled or Delayed Beyond Policy Limits
CCC.KeyMgmt.TH03
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.KeyMgmt.CP20 | Automatic Symmetric Key Rotation | Supports the ability to automatically rotate a managed symmetric key as long as the key was generated within the KMS. |
| CCC.KeyMgmt.CP21 | Manual Key Rotation | Supports the ability to manually rotate a managed key. |
Related Controls
| ID | Title | Description |
|---|---|---|
| CCC.KeyMgmt.CN03 | Enforce Automatic Rotation | Ensure symmetric keys rotate automatically within policy intervals to reduce exposure of key material. |
External Mappings
| Framework | ID | Remarks |
|---|---|---|
| MITRE-ATT&CK | T1562 | Impair Defenses |