INFRA-1 TLS Certificates and Endpoints

What are INFRA-1 TLS Certificates and Endpoints Control?

TLS certificates and endpoints are essential to securing internet connections and transactions through data encryption. Not having a plan to manage certificates can lead to system outages and security breaches, which can result in the exposure of confidential data to attackers.

Available tools in the marketplace

The following listing is “crowdsourced” from our customer base or from external research. TrustCloud does not personally recommend any of the tools below, as we haven’t used them.

TLS Certificates and EndPoint Tools

DigiCert

Pingdom

Keychest

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version.

• N/A: No template recommendation is made for this control

Control implementation

NOTE: This control is 100% automated by TrustCloud. Connect your system to enjoy the benefits of automation.

To implement this control manually,

1. Install a TLS solution to track all your TLS server certificates.
   1. Validity period
   2. Signed algorithm
   3. DN and SAN content
2. Implement a process to renew your TLS certificate once it expires.

What evidence do auditors look for?

Most auditors, at a minimum, are looking for the below-suggested action.

1. Provide the latest SSL scan of your browser, showing adequate TLS certificates.

Evidence example

For the suggested action, an example is provided below:

1. Provide the latest SSL (Secure Sockets Layer) scan of your browser showing adequate TLS (Transport Layer Security) certificates.
   Use Qualys SSL to run a scan on your server and browser.