Best practice on short-lived TTL and no_store PKI policy

Hey,
We are debating what the recommended TTL is for certs to safely set no_store PKI.
What have you used in your organization? What was low enough but still helped in breaches?