ACME (Automatic Certificate Management Environment) is a protocol that automates the issuance, renewal, and revocation of TLS certificates. It became widely known through Let’s Encrypt but is now supported by other certificate authorities as well.
For an ISMS, ACME matters because expired certificates are a frequent cause of availability incidents and security warnings. Automating certificate management through ACME substantially reduces this risk. ISO 27001 Annex A control A.8.24 (Use of Cryptography) requires documented management of cryptographic keys and certificates. ACME clients such as Certbot or acme.sh integrate into CI/CD pipelines and ensure certificates are renewed before expiry.