diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
index a99a1951..e49ba51e 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java
@@ -1685,21 +1685,34 @@ public abstract class AbstractAttestationCertificateAuthority
                                             final Set<PlatformCredential> platformCredentials,
                                             final Device device) {
         IssuedAttestationCertificate issuedAc;
-        boolean validDate = false;
+        boolean generateCertificate = true;
         SupplyChainPolicy scp = this.supplyChainValidationService.getPolicy();
+        Date currentDate = new Date();
+        int days;
         try {
             // save issued certificate
             IssuedAttestationCertificate attCert = new IssuedAttestationCertificate(
                     derEncodedAttestationCertificate, endorsementCredential, platformCredentials);
 
-            if (scp != null && !scp.isIssueAttestationCertificate()) {
+            if (scp != null) {
                 issuedAc = IssuedAttestationCertificate.select(certificateManager)
                         .byDeviceId(device.getId()).getCertificate();
-                if (issuedAc != null) {
-                    validDate = issuedAc.isValidOn(attCert.getBeginValidity());
+
+                generateCertificate = scp.isIssueAttestationCertificate();
+                if (issuedAc != null && scp.isGenerateOnExpiration()) {
+                    if (issuedAc.getEndValidity().after(currentDate)) {
+                        // so the issued AC is expired
+                        // however are we within the threshold
+                        days = daysBetween(currentDate, issuedAc.getEndValidity());
+                        if (days < Integer.parseInt(scp.getReissueThreshold())) {
+                            generateCertificate = true;
+                        } else {
+                            generateCertificate = false;
+                        }
+                    }
                 }
             }
-            if (!validDate) {
+            if (generateCertificate) {
                 attCert.setDevice(device);
                 certificateManager.save(attCert);
             }
@@ -1710,4 +1723,9 @@ public abstract class AbstractAttestationCertificateAuthority
                             + e.getMessage(), e);
         }
     }
+
+    @SuppressWarnings("magicnumber")
+    private int daysBetween(final Date date1, final Date date2) {
+        return (int) ((date2.getTime() - date1.getTime()) / (1000 * 60 * 60 * 24));
+    }
 }
diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/model/PolicyPageModel.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/model/PolicyPageModel.java
index af702b82..498dff5a 100644
--- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/model/PolicyPageModel.java
+++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/model/PolicyPageModel.java
@@ -24,10 +24,13 @@ public class PolicyPageModel {
     private String ecValidate;
     private String fmValidate;
     private String attestationCertificateIssued;
-    private String generationExpiration;
+    private String generationExpirationOn;
     private String numOfValidDays;
+    private String reissueThreshold;
     private String ignoreIma;
     private String ignoretBoot;
+    private String expirationValue;
+    private String thresholdValue;
 
     /**
      * Constructor. Sets fields from policy.
@@ -42,8 +45,11 @@ public class PolicyPageModel {
         this.issueAttestationCertificate = policy.isIssueAttestationCertificate();
         this.generateOnExpiration = policy.isGenerateOnExpiration();
         this.numOfValidDays = policy.getValidityDays();
+        this.reissueThreshold = policy.getReissueThreshold();
         this.enableIgnoreIma = policy.isIgnoreImaEnabled();
         this.enableIgnoreTboot = policy.isIgnoreTbootEnabled();
+        this.expirationValue = policy.getValidityDays();
+        this.thresholdValue = policy.getReissueThreshold();
     }
 
     /**
@@ -172,8 +178,8 @@ public class PolicyPageModel {
      *
      * @return the model string representation of this field.
      */
-    public String getGenerationExpiration() {
-        return generationExpiration;
+    public String getGenerationExpirationOn() {
+        return generationExpirationOn;
     }
 
     /**
@@ -185,6 +191,15 @@ public class PolicyPageModel {
         return numOfValidDays;
     }
 
+    /**
+     * Gets the number of selected threshold days.
+     *
+     * @return the number of the days for reissue
+     */
+    public String getReissueThreshold() {
+        return reissueThreshold;
+    }
+
     /**
      * Gets the Ignore IMA validation value.
      *
@@ -326,11 +341,11 @@ public class PolicyPageModel {
     /**
      * Sets the generation expiration state.
      *
-     * @param generationExpiration "checked" if generating expiration is on.
+     * @param generationExpirationOn "checked" if generating expiration is on.
      */
-    public void setGenerationExpiration(
-            final String generationExpiration) {
-        this.generationExpiration = generationExpiration;
+    public void setGenerationExpirationOn(
+            final String generationExpirationOn) {
+        this.generationExpirationOn = generationExpirationOn;
     }
 
     /**
@@ -351,6 +366,38 @@ public class PolicyPageModel {
         this.ignoretBoot = ignoretBoot;
     }
 
+    /**
+     * Getter for the expiration value.
+     * @return the value
+     */
+    public String getExpirationValue() {
+        return expirationValue;
+    }
+
+    /**
+     * Setter for the expiration value.
+     * @param expirationValue string value
+     */
+    public void setExpirationValue(final String expirationValue) {
+        this.expirationValue = expirationValue;
+    }
+
+    /**
+     * Getter for the expiration value.
+     * @return the thresholdValue
+     */
+    public String getThresholdValue() {
+        return thresholdValue;
+    }
+
+    /**
+     * Setter for the expiration value.
+     * @param thresholdValue string value
+     */
+    public void setThresholdValue(final String thresholdValue) {
+        this.thresholdValue = thresholdValue;
+    }
+
     @Override
     public String toString() {
         return "PolicyPageModel{"
diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/PolicyPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/PolicyPageController.java
index 1cf91c0f..a7edcc72 100644
--- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/PolicyPageController.java
+++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/PolicyPageController.java
@@ -264,10 +264,15 @@ public class PolicyPageController extends PageController<NoPageParams> {
         PageMessages messages = new PageMessages();
         String successMessage;
         String numOfDays;
-        LOGGER.error("We got this value -> {}", ppModel.getGenerationExpiration());
-        boolean generateCertificateEnabled
-                = ppModel.getGenerationExpiration()
-                .equalsIgnoreCase(ENABLED_CHECKED_PARAMETER_VALUE);
+
+        boolean generateCertificateEnabled = false;
+        // because this is just one option, there is not 'unchecked' value, so it is either
+        // 'checked' or null
+        if (ppModel.getGenerationExpirationOn() != null) {
+            generateCertificateEnabled
+                    = ppModel.getGenerationExpirationOn()
+                    .equalsIgnoreCase(ENABLED_CHECKED_PARAMETER_VALUE);
+        }
 
         try {
             SupplyChainPolicy policy = getDefaultPolicyAndSetInModel(ppModel, model);
@@ -282,7 +287,7 @@ public class PolicyPageController extends PageController<NoPageParams> {
                 }
 
                 if (generateCertificateEnabled) {
-                    numOfDays = ppModel.getNumOfValidDays();
+                    numOfDays = ppModel.getExpirationValue();
                     if (numOfDays == null) {
                         numOfDays = SupplyChainPolicy.TEN_YEARS;
                     }
@@ -309,6 +314,76 @@ public class PolicyPageController extends PageController<NoPageParams> {
         return redirectToSelf(new NoPageParams(), model, attr);
     }
 
+    /**
+     * Updates the state of the policy setting that indicates that the generation
+     * will occur in a set time frame from the end validity date and redirects
+     * back to the original page.
+     *
+     * @param ppModel The data posted by the form mapped into an object.
+     * @param attr RedirectAttributes used to forward data back to the original page.
+     * @return View containing the url and parameters
+     * @throws URISyntaxException if malformed URI
+     */
+    @RequestMapping(value = "update-threshold", method = RequestMethod.POST)
+    public RedirectView updateThresholdVal(@ModelAttribute final PolicyPageModel ppModel,
+                                          final RedirectAttributes attr)
+            throws URISyntaxException {
+
+        // set the data received to be populated back into the form
+        Map<String, Object> model = new HashMap<>();
+        PageMessages messages = new PageMessages();
+        String successMessage;
+        String threshold;
+
+        boolean generateCertificateEnabled = false;
+        // because this is just one option, there is not 'unchecked' value, so it is either
+        // 'checked' or null
+        if (ppModel.getGenerationExpirationOn() != null) {
+            generateCertificateEnabled
+                    = ppModel.getGenerationExpirationOn()
+                    .equalsIgnoreCase(ENABLED_CHECKED_PARAMETER_VALUE);
+        }
+
+        try {
+            SupplyChainPolicy policy = getDefaultPolicyAndSetInModel(ppModel, model);
+            boolean issuedAttestationOptionEnabled
+                    = policy.isIssueAttestationCertificate();
+
+            if (issuedAttestationOptionEnabled) {
+                if (generateCertificateEnabled) {
+                    successMessage = "Attestation Certificate generation threshold time enabled.";
+                } else {
+                    successMessage = "Attestation Certificate generation threshold time disabled.";
+                }
+
+                if (generateCertificateEnabled) {
+                    threshold = ppModel.getThresholdValue();
+                    if (threshold == null) {
+                        threshold = SupplyChainPolicy.YEAR;
+                    }
+                } else {
+                    threshold = ppModel.getReissueThreshold();
+                }
+
+                policy.setReissueThreshold(threshold);
+            } else {
+                generateCertificateEnabled = false;
+                successMessage = "Attestation Certificate generation is disabled, "
+                        + "can not set time expiration";
+            }
+
+            policy.setGenerateOnExpiration(generateCertificateEnabled);
+            savePolicyAndApplySuccessMessage(ppModel, model, messages, successMessage, policy);
+        } catch (PolicyManagerException e) {
+            handlePolicyManagerUpdateError(model, messages, e,
+                    "Error changing ACA Attestation Certificate generation policy",
+                    "Error updating policy. \n" + e.getMessage());
+        }
+
+        // return the redirect
+        return redirectToSelf(new NoPageParams(), model, attr);
+    }
+
     /**
      * Updates the Endorsement Credential Validation policy setting and
      * redirects back to the original page.
diff --git a/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/policy.jsp b/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/policy.jsp
index 49a1a564..e5f82942 100644
--- a/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/policy.jsp
+++ b/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/policy.jsp
@@ -107,7 +107,7 @@
             <%-- Generate Attestation Certificate--%>
             <div class="aca-input-box">
                 <form:form method="POST" modelAttribute="initialData" action="policy/update-issue-attestation">
-                    <li>Generate Attestation Certificate: ${initialData.issueAttestationCertificate ? 'Enabled' : 'Disabled'}
+                    <li>Conditionally generate Attestation Certificate: ${initialData.issueAttestationCertificate ? 'Enabled' : 'Disabled'}
                         <my:editor id="issuedCertificatePolicyEditor" label="Edit Settings">
                             <div class="radio">
                                 <label><input id="aicTop" type="radio" name="attestationCertificateIssued" ${initialData.issueAttestationCertificate ? '' : 'checked'} value="unchecked"/> Never generate an Attestation Certificate</label>
@@ -117,23 +117,35 @@
                             </div>
                         </my:editor>
                 </form:form>
-                <form:form method="POST" modelAttribute="initialData" action="policy/update-expire-on">
                         <ul>
-                            <li> Set generate on expire time frame: ${initialData.generationExpiration ? 'Enabled' : 'Disabled'}
+                <form:form method="POST" modelAttribute="initialData" action="policy/update-expire-on">
+                            <li>Attestation Certificate Validity: ${initialData.generateOnExpiration ? 'Enabled' : 'Disabled'}
                                 <my:editor id="issuedCertificatePolicyExpirationEditor" label="Edit Settings">
                                     <div class="radio">
                                         <label>
-                                            <input id="aicBot" type="checkbox" name="generationExpiration" ${initialData.generationExpiration ? 'checked' : ''} value="checked"/>
-                                                Only Generate when current Attestation Certificate expires<br />
-                                                ** Validity period for the Attestation Certificate
-                                            <input id="validLen" type="text" name="numOfValidDays" value="3651" size="6" maxlength="6" enabled />
+                                            <input id="aicBot" type="checkbox" name="generationExpirationOn" ${initialData.generateOnExpiration ? 'checked' : ''} value="checked" />
+                                                Attestation Certificate validity time frame (Default 3651 days)<br />
+                                                Select time frame in days: <input id="expirationValue" type="text" name="expirationValue" value="${initialData.expirationValue}" />
                                         </label>
                                     </div>
                                 </my:editor>
                             </li>
+                </form:form>
+                <form:form method="POST" modelAttribute="initialData" action="policy/update-threshold">
+                            <li>Attestation Renewal time: ${initialData.generateOnExpiration ? 'Enabled' : 'Disabled'}
+                                <my:editor id="issuedCertificatePolicyGenerateEditor" label="Edit Settings">
+                                    <div class="radio">
+                                        <label>
+                                            <input id="aicBot" type="checkbox" name="generationExpirationOn" ${initialData.generateOnExpiration ? 'checked' : ''} value="checked" />
+                                                Renew Attestation Certificate before expiration time frame (Default 365 days)<br />
+                                                Select time frame in days: <input id="thresholdValue" type="text" name="thresholdValue" value="${initialData.thresholdValue}" />
+                                        </label>
+                                    </div>
+                                </my:editor>
+                            </li>
+                </form:form>
                         </ul>
                     </li>
-                </form:form>
             </div>
         </ul>
     </jsp:body>
diff --git a/HIRS_Utils/src/main/java/hirs/data/persist/SupplyChainPolicy.java b/HIRS_Utils/src/main/java/hirs/data/persist/SupplyChainPolicy.java
index acf09f28..12e75b1a 100644
--- a/HIRS_Utils/src/main/java/hirs/data/persist/SupplyChainPolicy.java
+++ b/HIRS_Utils/src/main/java/hirs/data/persist/SupplyChainPolicy.java
@@ -18,7 +18,11 @@ public class SupplyChainPolicy extends Policy {
     /**
      * Number of days in 10 years.
      */
-    public static final String TEN_YEARS = "3650";
+    public static final String TEN_YEARS = "3651";
+    /**
+     * Number of days in 1 year.
+     */
+    public static final String YEAR = "365";
 
     @Column(nullable = false)
     private boolean enableEcValidation = false;
@@ -47,6 +51,9 @@ public class SupplyChainPolicy extends Policy {
     @Column(nullable = false)
     private String validityDays = TEN_YEARS;
 
+    @Column(nullable = false)
+    private String reissueThreshold = YEAR;
+
     @Column(nullable = false)
     private boolean generateOnExpiration = false;
 
@@ -291,6 +298,25 @@ public class SupplyChainPolicy extends Policy {
     public void setValidityDays(final String validityDays) {
         this.validityDays = validityDays;
     }
+
+    /**
+     * Getter for the number of days before the expiration to reissue
+     * a certificate.
+     * @return number of days
+     */
+    public String getReissueThreshold() {
+        return reissueThreshold;
+    }
+
+    /**
+     * Setter for the number of days before the expiration to reissue
+     * a certificate.
+     * @param reissueThreshold validity.
+     */
+    public void setReissueThreshold(final String reissueThreshold) {
+        this.reissueThreshold = reissueThreshold;
+    }
+
     /**
      * Getter for the state of when to generate a certificate.
      * @return true or false