CME-805

Credential Rotation Policy

Description

Automated rotation of secrets, API keys, and passwords on a schedule. Limits the window during which compromised credentials remain valid.

CVSS Vector Impacts

Metric | Transition | Rationale
Attack Complexity (AC) | L → H | Compromised credentials expire before an attacker can use them

CWE Relationships

Verification

Check password aging and secret rotation policies

$ chage -l <user> | grep 'Maximum'
# Expected: Maximum number of days between password change : 90
Platform: linux
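
To run the same check across every account instead of one user, the added example below (not part of the original entry) reads shadow(5)-format records on stdin and lists accounts with a usable password whose maximum age is unset or above a limit. The function names and the sample records are constructed for illustration; the 90-day default comes from the expected output above.

```shell
#!/bin/sh
# Added example: audit maximum password age for all accounts.
# shadow(5) fields: name:hash:lastchange:min:max:warn:inactive:expire:reserved

# audit_max_age [LIMIT_DAYS]
# Reads shadow-format lines on stdin and prints "user:max" for every account
# that has a usable password and a maximum age that is unset or above LIMIT.
audit_max_age() {
    limit="${1:-90}"
    awk -F: -v limit="$limit" '
        /^#/ || NF < 5  { next }   # comments, blank or malformed lines
        $2 ~ /^[!*]/    { next }   # locked account: no password to rotate
        {
            max = $5
            if (max == "")
                print $1 ":never"          # empty field: password never expires
            else if (max + 0 > limit + 0)
                print $1 ":" max           # includes the 99999 "no aging" default
        }
    '
}

# Constructed sample records (hashes are placeholders, not real).
SAMPLE_SHADOW='alice:$6$constructed$hash:19800:0:90:7:::
bob:$6$constructed$hash:19800:0:99999:7:::
carol:$6$constructed$hash:19800:0::7:::
daemon:*:19800:0:99999:7:::
dave:!$6$constructed$hash:19800:0:365:7:::
erin:$6$constructed$hash:19800:0:60:7:::'

# audit_sample [LIMIT_DAYS]: run the audit over the constructed records.
audit_sample() {
    printf '%s\n' "$SAMPLE_SHADOW" | audit_max_age "${1:-90}"
}

audit_sample 90
```

On a real host, run `audit_max_age 90 < /etc/shadow` as root; any line of output is an account that falls outside the rotation policy.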