ISM-1956

Microsoft AD FS token-signing and encryption certificates are changed twice in quick succession if:
• they are compromised
• they are suspected of being compromised
• they have not been changed in the past 12 months.

Topic: Changing credentials
Applicable to: Non Classified, Official, Protected, Secret, Top Secret

History

Sep 2024
Microsoft AD FS token-signing and encryption certificates are changed twice in quick succession if:
• they are compromised
• they are suspected of being compromised
• they have not been changed in the past 12 months.
A new control was added recommending that Microsoft AD FS token-signing and encryption certificates be changed twice in quick succession if they are suspected of being compromised or if they have not been changed in the last 12 months.