Checks whether the remaining validity period of each CloudSSO Security Assertion Markup Language (SAML) signing certificate, that is, the number of days until the certificate expires, exceeds the specified number of days. If so, the evaluation result is Compliant. The default number of days is 90.
Scenarios
Regularly checking and updating CloudSSO SAML signing certificates can reduce security risks and maintain system stability and security.
Risk level
Default risk level: high.
When you apply this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
If the remaining validity period of each CloudSSO SAML signing certificate exceeds the specified number of days, the evaluation result is Compliant. The default number of days is 90.
If the remaining validity period of any CloudSSO SAML signing certificate does not exceed the specified number of days (including a certificate that has already expired), the evaluation result is Non-compliant. The default number of days is 90.
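The evaluation logic above, written out as an added example (this is not the rule's own implementation or any Alibaba Cloud SDK code). It assumes that certificate metadata has already been fetched and reduced to a certificate ID plus a UTC expiry timestamp; the `SamlCertificate` type, the `not_after` field name and the sample expiry values are constructed for the example. It applies the "does not exceed" boundary exactly as stated, so a certificate with exactly `days` days left is Non-compliant, and an already expired certificate (negative remaining days) is Non-compliant too.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

DEFAULT_DAYS = 90  # the rule's "days" input parameter and its default value


@dataclass(frozen=True)
class SamlCertificate:
    """Minimal view of one CloudSSO SAML signing certificate.

    Constructed for this example; it is not the CloudSSO API schema.
    """
    certificate_id: str
    not_after: datetime  # timezone-aware UTC expiry time (hypothetical field name)


def parse_expiry(value: str) -> datetime:
    """Parse an ISO 8601 expiry such as '2025-04-01T00:00:00Z' into aware UTC."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)


def remaining_days(cert: SamlCertificate, now: datetime) -> float:
    """Days until the certificate expires; negative if it has already expired."""
    return (cert.not_after - now) / timedelta(days=1)


def certificate_is_compliant(cert: SamlCertificate, now: datetime, days: int = DEFAULT_DAYS) -> bool:
    """A certificate passes only if its remaining validity strictly exceeds `days`."""
    return remaining_days(cert, now) > days


def evaluate_directory(certs, now: datetime, days: int = DEFAULT_DAYS):
    """Apply the rule to every SAML signing certificate of one CloudSSO directory.

    Returns ("Compliant" | "Non-compliant", findings), where findings lists each
    certificate that did not exceed the threshold together with its remaining days.
    A directory with no certificate has nothing to fail, so it is treated as
    Compliant here (an assumption; the rule text does not cover that case).
    """
    findings = []
    for cert in certs:
        left = remaining_days(cert, now)
        if not left > days:  # "does not exceed" includes the exact boundary
            findings.append((cert.certificate_id, round(left, 1)))
    result = "Compliant" if not findings else "Non-compliant"
    return result, findings


# Constructed sample input: four certificates evaluated on 2025-01-01 UTC.
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
SAMPLE_CERTS = [
    SamlCertificate("cert-long", NOW + timedelta(days=200)),   # comfortably valid
    SamlCertificate("cert-boundary", NOW + timedelta(days=90)),  # exactly 90 days: fails
    SamlCertificate("cert-soon", parse_expiry("2025-01-31T00:00:00Z")),  # 30 days: fails
    SamlCertificate("cert-expired", NOW - timedelta(days=10)),  # already expired: fails
]

if __name__ == "__main__":
    status, details = evaluate_directory(SAMPLE_CERTS, NOW)
    print(status)
    for cert_id, left in details:
        print(f"  {cert_id}: {left} days remaining")
```

Running the block prints `Non-compliant` followed by the three failing certificates; dropping the last three entries from `SAMPLE_CERTS` yields `Compliant`. Because the threshold is compared strictly, raising `days` above the rule's default tightens the check rather than loosening it.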
Rule details
| Item | Description |
| --- | --- |
| Rule name | cloudsso-directory-saml-expired-check |
| Rule ID | |
| Tag | CloudSSO |
| Automatic remediation | Not supported |
| Trigger type | Periodic execution |
| Evaluation frequency | Every 24 hours |
| Supported resource type | CloudSSO directory |
| Input parameter | days. Default value: 90 (unit: days) |
Non-compliance remediation
Renew or rotate each CloudSSO SAML signing certificate so that its remaining validity period exceeds the specified number of days. For more information, see Overview.