Overview
SecMaster can scan cloud services for risks in key configuration items, report scan results by category, generate alerts for incidents, and provide hardening suggestions and guidelines.
SecMaster can check your cloud services for unsafe configurations based on preconfigured compliance packs, including Cloud Security Compliance Check 1.0, DJCP 2.0 Level 3 Requirements, Network Security, General Data Protection Regulation, OS Configuration Baseline, Huawei Cloud Security Configuration, Common Weak Password Detection, Password Complexity Policy Detection, PCI DSS, and NIST SP 800-53. In addition, you can add custom check items and compliance packs to meet your own needs.
Compliance Pack | Description | Applicable Region | Category | Domain |
---|---|---|---|---|
Cloud Security Compliance Check 1.0 | This compliance pack automates the assessment of your data security posture across four key areas: identity and access management, infrastructure security, data protection, and backup integrity. It helps you efficiently identify data security issues. | Global | Industry standards | Network security |
DJCP 2.0 Level 3 Requirements | This compliance pack provides check items and guidelines to help you evaluate your data security management. It also suggests improvements based on the level 3 requirements of China's national standard GB/T 22239-2019 information security technology — Baseline for classified protection of cybersecurity. | China | National standards | Network security |
Network Security | This compliance pack offers automated security checks aligned with international best practices. It enables cloud customers to identify threats and risks across key assets—including cloud servers, web applications, object storage, and data security centers—enhancing overall network security capabilities. | Global | Industry standards | Network security |
Huawei Cloud Security Configuration | This compliance pack automates security configuration checks for IAM, monitoring, compute (container and cloud server), network, storage, and data services against cloud security benchmarks, helping you establish and maintain a secure cloud foundation. | Global | Industry standards | Network security |
GDPR | The General Data Protection Regulation (GDPR) is a comprehensive data privacy law established by the European Union to safeguard individuals' personal data and ensure its secure processing. It mandates that all organizations processing EU citizens' personal data must ensure transparent, lawful, and secure data processing practices. | European Union | Regional laws | Data protection |
OS Configuration Baseline | This compliance pack checks password complexity policies, common weak passwords, and configurations. It can detect insecure password configurations and risky configurations in key software on servers, and provide rectification suggestions for detected risks, helping you correctly handle risky configurations on servers. | Global | Industry standards | Operating systems (OSs) |
Common Weak Password Detection | This check compares passwords used by accounts with common weak passwords defined in a library and reminds users to change detected weak passwords. | Global | Industry standards | Operating systems (OSs) |
Password Complexity Policy Detection | A password complexity policy specifies the rules that user passwords must comply with to improve password security and defend against brute-force attacks. This feature checks the password complexity policies in Linux and provides suggestions to help improve password security. | Global | Industry standards | Operating systems (OSs) |
PCI-DSS | The Payment Card Industry Data Security Standard (PCI DSS) is a global security standard jointly formulated by five major payment card brands (Visa, Mastercard, American Express, Discover, and JCB) to protect payment card data and prevent data leaks and frauds. | Global | Industry standards | Data security |
NIST SP 800-53 | NIST SP 800-53 provides a comprehensive security control framework for organizations to identify, assess, and manage information security risks. | Global | Industry standards | Data security |
Limitations and Constraints
- Only SecMaster professional edition supports the OS Configuration Baseline, Common Weak Password Detection, and Password Complexity Policy Detection compliance packs. Before using these packs, you need to enable HSS baseline log access and Automatically converts alarms for HSS baseline logs in SecMaster. The procedure is as follows:
- In the navigation pane on the left in the target workspace, choose .
- Locate the HSS baseline row in the Host Security Service, click in the Automatically converts alarms column. Click Save. In the displayed dialog box, click OK. For more details, see Enabling Log Access.
- Baseline inspection for the OS Configuration Baseline, Common Weak Password Detection, and Password Complexity Policy Detection compliance packs is performed in HSS instead of SecMaster. However, you can view check results in SecMaster. If you need to perform HSS baseline inspection, go to the HSS console and complete the inspection. For details, see Performing Baseline Inspection on HSS.
Baseline Check Methods
- Automated baseline checks
By default, SecMaster checks assets associated with the Cloud Security Compliance Check 1.0 compliance pack in the current region of your account every three days from 00:00 to 06:00.
The default check plan only allows you to enable or disable automatic baseline checks.
- Scheduled custom baseline checks
You can customize the automatic check period, time, and scope. You can also customize the check items that can be automated in Cloud Security Compliance Check 1.0, Network Security, and Huawei Cloud Security Configuration. For details about how to perform a baseline inspection, see Performing a Scheduled Baseline Check.
- Immediate baseline checks
You can start all security standards or a specific check plan to detect violations in real time.
You can set the auto check items in the compliance packs. For check items that support only manual check, the system generates check items whose check results are To be checked. You need to perform a manual check offline and then report the check results to the SecMaster console.
For details about immediate baseline checks, see Starting an Immediate Baseline Check.
- You can start all compliance packs in use to detect violations against automatic check items.
- You can start a check plan to detect violations against check items in the compliance pack configured in the check plan.
- You can select one or more check items and start them at once.
- Manual baseline checks
There are some manual check items included in baseline inspection. After you finish a manual check, report the check results to SecMaster. The pass rate is calculated based on results from both manual and automatic checks. For automatic check items, you can manually start specific checks.
All check items in DJCP 2.0 Level 3 Requirements, General Data Protection Regulation, PCI-DSS, and NIST SP 800-53 are manual. Some check items in Cloud Security Compliance Check 1.0, Huawei Cloud Security Configuration, and Network Security are manual.
For details about manual checks, see Performing a Manual Baseline Check.
Usage Process
The process of using baseline inspection is as follows.
No. | Operation | Description |
---|---|---|
0 | (Optional) Enabling SecMaster access to HSS baseline logs in Host Security Service. | This operation is required only when SecMaster professional edition is in use and the OS Configuration Baseline, Common Weak Password Detection, and Password Complexity Policy Detection compliance packs are enabled. For details about how to enable compliance packs, see Editing, Enabling, Disabling, or Deleting a Compliance Pack. In the navigation pane of the target workspace, choose |
1 | SecMaster uses the default check plan to check all assets. | |
2 | The baseline inspection supports periodic and immediate checks. | |
3 | You can view the baseline inspection results after each manual check or automated check. You can quickly learn affected assets and details about the baseline inspection items. | |
4 | You can handle risky items based on the rectification suggestions. | |