RSA certificates managed by AWS ACM should use a key length of at least 2,048 bits

Description

This metric evaluates whether RSA certificates overseen by AWS Certificate Manager utilize a key length that is a minimum of 2,048 bits. The strength of encryption has a direct relationship with the size of the key.

Remediation

The lower limit for the key length of RSA certificates provided by ACM is set at 2,048 bits. Directions on issuing new RSA certificates with ACM can be found in the AWS Certificate Manager User Guide.

Although ACM permits the import of certificates with shorter key measures, it is essential to use keys with a minimum length of 2,048 bits to comply with this guideline. The key length cannot be modified post-import. If a certificate has a key length less than 2,048 bits, it must be eliminated. For additional details on importing certificates into ACM, please refer to the AWS Certificate Manager User Guide regarding requirements for importing certificates.