KMS encryption key rotation period is bigger than 90 days

Risk Level

Informational (4)

Compliance Frameworks


Rotating kms keys regularly helps prevent brute-force attacks enabled by cryptanalysis and limits the number of actual messages vulnerable in the event that a key is compromised.
  • Recommended Mitigation

    Ensure each key in the keyring has Next Rotation set for less than 90 days from the current date