Expired digital certificates must not be used.
An XCCDF Rule
Description
The longer and more often a key is used, the more susceptible it is to loss or discovery. This weakens the assurance provided to a relying Party that the unique binding between a key and its named subscriber is valid. Therefore, it is important that certificates are periodically refreshed. This is in accordance with DoD requirement. Expired Certificate must not be in use.
- ID
- SV-223647r958448_rule
- Version
- RACF-CE-000020
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
If the certificate is a user or device certificate with a status of TRUST, follow procedures to obtain a new certificate or re-key certificate. If it is an expired CA certificate remove it.