CCC.KeyMgmt.TH03: Key Rotation is Disabled or Delayed Beyond Policy Limits
Threat ID: CCC.KeyMgmt.TH03
Title: Key Rotation is Disabled or Delayed Beyond Policy Limits
Description:
Modification of automatic or manual rotation settings can keep older key material active longer than intended, decreasing cryptographic resilience and extending exposure in the event of key compromise.
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.KeyMgmt.CP20 | Automatic Symmetric Key Rotation | Supports the ability to automatically rotate a managed symmetric key as long as the key was generated within the KMS. |
| CCC.KeyMgmt.CP21 | Manual Key Rotation | Supports the ability to manually rotate a managed key. |
External Mappings
| Reference ID | Entry ID | Strength | Remarks |
|---|---|---|---|
| MITRE-ATT&CK | T1562 | 0 | Impair Defenses |
Controls
| ID | Title | Objective | Control Family | Threat Mappings | Guideline Mappings | Assessment Requirements |
|---|---|---|---|---|---|---|
| CCC.KeyMgmt.CN03 | Enforce Automatic Rotation | Ensure symmetric keys rotate automatically within policy intervals to reduce exposure of key material. | Key Lifecycle Management | 1 | 2 | 1 |