Microsoft AD FS token-signing and encryption certificates are changed twice in quick succession if:
• they are compromised
• they are suspected of being compromised
• they have not been changed in the past 12 months.
Topic: Changing credentials
Applicable to: Non Classified, Official, Protected, Secret, Top Secret
History
Sep 2024
A new control was added recommending that Microsoft AD FS token-signing and encryption certificates be changed twice in quick succession if they are suspected of being compromised or if they have not been changed in the last 12 months.