02 - Encrypted with Customer Managed Key

Ensure your secrets manager secrets are rotated every 90 days

Ensure that you are rotating your secretes every 90 days. Secrets should be treated just as passwords and should have a particular rotation cycle that follows similar to your service account password policy. This is considered a security best practice and should always be done. Ensuring this is enabled will help with NIST and PCI-DSS compliance.

Audit & Remediation

Login into your AWS account
Navigate to the Secrets Manager service at: https://console.aws.amazon.com/secretsmanager
On the left hand panel select Secrets.

Select the Gear icon in the upper right corner, then select Created On in order to see creation date.

For any secret that has been created greater than 90 days, should have the secret changed to something else.
Select the hyperlink for the Secret name for the secret that needs to be changed.
Scroll down to Secret value and select Retrieve secret value.

Select the Edit button in order to update the Secret Value.

Select the Edit button in order to update the Secret Value.
!Important when changing the secret, it is important that the secret is changed in your corresponding application. Example: password for a user in Active directory should have its password in Active Directory updated at the same time.
Repeat the outline steps for all secrets that you have.

See all of your AWS S3 Buckets in a single place!

Do you want to see all S3 Buckets in once place for all regions and all accounts?
Login to our online demo to see exactly what this looks like.
demo.intelligentdiscovery.io

Other Key Features

Inventory

Consolidate your inventory management with consistent and frequent security logs, inventories, and change logs. Dashboard reporting for extensive analytical value.

learn more +

Cost & Usage

Access consolidated capacity, cost, and volume tools in a scaling environment without impacting production or breaking the bank.