Conformance Package for ENISA Requirements
This section describes the background, applicable scenarios, and the conformance package to meet requirements by European Union Agency for Cybersecurity (ENISA).
Background
ENISA has issued a guide for small- and medium-sized enterprises (SMEs)to enhance cyber security. The guide highlights the importance of cyber security for SMEs and describes how to implement related best practices to protect their services from cyber threats.
Applicable Scenarios
This conformance package helps SMEs to meet ENISA requirements of cyber security. It needs to be reviewed and implemented based on specific conditions and
Exemption Clauses
This package provides you with general guide to help you quickly create scenario-based conformance packages. The conformance package and rules included only apply to cloud service and do not represent any legal advice. This conformance package does not ensure compliance with specific laws, regulations, or industry standards. You are responsible for the compliance and legality of your business and technical operations and assume all related responsibilities.
Compliance Rules
The guideline No. in the following table are in consistent with the chapter No. in cybersecurity-guide-for-smes.
|
Guideline No. |
Guideline Description |
Rule |
Solution |
|---|---|---|---|
|
1_DEVELOP GOOD CYBERSECURITY CULTURE: REMEMBER DATA PROTECTION |
Under the EU General Data Protection Regulation 1 any SMEs that process or store personal data belonging to EU/EEA residents need to ensure that appropriate security controls are in place to protect that data. This includes ensuring that any third parties working on behalf of the SME have appropriate security measures in place. |
drs-data-guard-job-not-public |
Ensure that DRS real-time DR tasks are not publicly accessible. |
|
1_DEVELOP GOOD CYBERSECURITY CULTURE: REMEMBER DATA PROTECTION |
Under the EU General Data Protection Regulation 1 any SMEs that process or store personal data belonging to EU/EEA residents need to ensure that appropriate security controls are in place to protect that data. This includes ensuring that any third parties working on behalf of the SME have appropriate security measures in place. |
drs-migration-job-not-public |
Ensure that DRS real-time migration tasks are not publicly accessible. |
|
1_DEVELOP GOOD CYBERSECURITY CULTURE: REMEMBER DATA PROTECTION |
Under the EU General Data Protection Regulation 1 any SMEs that process or store personal data belonging to EU/EEA residents need to ensure that appropriate security controls are in place to protect that data. This includes ensuring that any third parties working on behalf of the SME have appropriate security measures in place. |
drs-synchronization-job-not-public |
Ensure that DRS real-time synchronization tasks are not publicly accessible. |
|
1_DEVELOP GOOD CYBERSECURITY CULTURE: REMEMBER DATA PROTECTION |
Under the EU General Data Protection Regulation 1 any SMEs that process or store personal data belonging to EU/EEA residents need to ensure that appropriate security controls are in place to protect that data. This includes ensuring that any third parties working on behalf of the SME have appropriate security measures in place. |
ecs-instance-no-public-ip |
Restrict public access to ECSs to protect sensitive data. |
|
1_DEVELOP GOOD CYBERSECURITY CULTURE: REMEMBER DATA PROTECTION |
Under the EU General Data Protection Regulation 1 any SMEs that process or store personal data belonging to EU/EEA residents need to ensure that appropriate security controls are in place to protect that data. This includes ensuring that any third parties working on behalf of the SME have appropriate security measures in place. |
mrs-cluster-no-public-ip |
Block access to MapReduce Service (MRS) using public networks. MRS instances may contain sensitive information, so access control is required. |
|
1_DEVELOP GOOD CYBERSECURITY CULTURE: REMEMBER DATA PROTECTION |
Under the EU General Data Protection Regulation 1 any SMEs that process or store personal data belonging to EU/EEA residents need to ensure that appropriate security controls are in place to protect that data. This includes ensuring that any third parties working on behalf of the SME have appropriate security measures in place. |
function-graph-public-access-prohibited |
Block public access to FunctionGraph functions and manage access to Huawei Cloud resources. Public access may reduce resource availability. |
|
1_DEVELOP GOOD CYBERSECURITY CULTURE: REMEMBER DATA PROTECTION |
Under the EU General Data Protection Regulation 1 any SMEs that process or store personal data belonging to EU/EEA residents need to ensure that appropriate security controls are in place to protect that data. This includes ensuring that any third parties working on behalf of the SME have appropriate security measures in place. |
rds-instance-no-public-ip |
Block access to cloud databases from public networks and manage access to Huawei Cloud resources. Cloud databases may contain sensitive information, and access control is required. |
|
1_DEVELOP GOOD CYBERSECURITY CULTURE: REMEMBER DATA PROTECTION |
Under the EU General Data Protection Regulation 1 any SMEs that process or store personal data belonging to EU/EEA residents need to ensure that appropriate security controls are in place to protect that data. This includes ensuring that any third parties working on behalf of the SME have appropriate security measures in place. |
apig-instances-ssl-enabled |
Enable SSL for APIG REST APIs to authenticate API requests. |
|
1_DEVELOP GOOD CYBERSECURITY CULTURE: REMEMBER DATA PROTECTION |
Under the EU General Data Protection Regulation 1 any SMEs that process or store personal data belonging to EU/EEA residents need to ensure that appropriate security controls are in place to protect that data. This includes ensuring that any third parties working on behalf of the SME have appropriate security measures in place. |
cts-kms-encrypted-check |
Enable trace file encryption with KMS for CTS trackers. |
|
1_DEVELOP GOOD CYBERSECURITY CULTURE: REMEMBER DATA PROTECTION |
Under the EU General Data Protection Regulation 1 any SMEs that process or store personal data belonging to EU/EEA residents need to ensure that appropriate security controls are in place to protect that data. This includes ensuring that any third parties working on behalf of the SME have appropriate security measures in place. |
sfsturbo-encrypted-check |
Enable KMS encryption for SFS Turbo file systems. |
|
1_DEVELOP GOOD CYBERSECURITY CULTURE: REMEMBER DATA PROTECTION |
Under the EU General Data Protection Regulation 1 any SMEs that process or store personal data belonging to EU/EEA residents need to ensure that appropriate security controls are in place to protect that data. This includes ensuring that any third parties working on behalf of the SME have appropriate security measures in place. |
volumes-encrypted-check |
Enable encryption for EVS to protect data. |
|
1_DEVELOP GOOD CYBERSECURITY CULTURE: REMEMBER DATA PROTECTION |
Under the EU General Data Protection Regulation 1 any SMEs that process or store personal data belonging to EU/EEA residents need to ensure that appropriate security controls are in place to protect that data. This includes ensuring that any third parties working on behalf of the SME have appropriate security measures in place. |
cts-support-validate-check |
You can enable file verification for CTS trackers to prevent log files from being modified or deleted after being stored. |
|
1_DEVELOP GOOD CYBERSECURITY CULTURE: REMEMBER DATA PROTECTION |
Under the EU General Data Protection Regulation 1 any SMEs that process or store personal data belonging to EU/EEA residents need to ensure that appropriate security controls are in place to protect that data. This includes ensuring that any third parties working on behalf of the SME have appropriate security measures in place. |
css-cluster-disk-encryption-check |
Enable disk encryption for CSS clusters to protect sensitive data. |
|
1_DEVELOP GOOD CYBERSECURITY CULTURE: REMEMBER DATA PROTECTION |
Under the EU General Data Protection Regulation 1 any SMEs that process or store personal data belonging to EU/EEA residents need to ensure that appropriate security controls are in place to protect that data. This includes ensuring that any third parties working on behalf of the SME have appropriate security measures in place. |
css-cluster-disk-encryption-check |
Enable disk encryption for CSS clusters to protect sensitive data. |
|
1_DEVELOP GOOD CYBERSECURITY CULTURE: REMEMBER DATA PROTECTION |
Under the EU General Data Protection Regulation 1 any SMEs that process or store personal data belonging to EU/EEA residents need to ensure that appropriate security controls are in place to protect that data. This includes ensuring that any third parties working on behalf of the SME have appropriate security measures in place. |
elb-tls-https-listeners-only |
Ensure that your load balancer listeners are configured with the HTTPS protocol. |
|
1_DEVELOP GOOD CYBERSECURITY CULTURE: REMEMBER DATA PROTECTION |
Under the EU General Data Protection Regulation 1 any SMEs that process or store personal data belonging to EU/EEA residents need to ensure that appropriate security controls are in place to protect that data. This includes ensuring that any third parties working on behalf of the SME have appropriate security measures in place. |
volumes-encrypted-check |
Enable encryption for EVS to protect data. |
|
1_DEVELOP GOOD CYBERSECURITY CULTURE: REMEMBER DATA PROTECTION |
Under the EU General Data Protection Regulation 1 any SMEs that process or store personal data belonging to EU/EEA residents need to ensure that appropriate security controls are in place to protect that data. This includes ensuring that any third parties working on behalf of the SME have appropriate security measures in place. |
iam-policy-no-statements-with-admin-access |
Grant IAM users only necessary permissions to perform required operations to ensure compliance with the least privilege and SOD principles |
|
1_DEVELOP GOOD CYBERSECURITY CULTURE: REMEMBER DATA PROTECTION |
Under the EU General Data Protection Regulation 1 any SMEs that process or store personal data belonging to EU/EEA residents need to ensure that appropriate security controls are in place to protect that data. This includes ensuring that any third parties working on behalf of the SME have appropriate security measures in place. |
iam-role-has-all-permissions |
Grant IAM users only necessary permissions to perform required operations to ensure compliance with the least privilege and SOD principles |
|
1_DEVELOP GOOD CYBERSECURITY CULTURE: REMEMBER DATA PROTECTION |
Under the EU General Data Protection Regulation 1 any SMEs that process or store personal data belonging to EU/EEA residents need to ensure that appropriate security controls are in place to protect that data. This includes ensuring that any third parties working on behalf of the SME have appropriate security measures in place. |
vpc-sg-restricted-ssh |
You can configure security groups to only allow traffic from some IPs to access the SSH port 22 of ECSs to ensure secure remote access to ECSs. |
|
1_DEVELOP GOOD CYBERSECURITY CULTURE: REMEMBER DATA PROTECTION |
Under the EU General Data Protection Regulation 1 any SMEs that process or store personal data belonging to EU/EEA residents need to ensure that appropriate security controls are in place to protect that data. This includes ensuring that any third parties working on behalf of the SME have appropriate security measures in place. |
private-nat-gateway-authorized-vpc-only |
Use private NAT gateways to control VPC connections. |
|
1_DEVELOP GOOD CYBERSECURITY CULTURE: REMEMBER DATA PROTECTION |
Under the EU General Data Protection Regulation 1 any SMEs that process or store personal data belonging to EU/EEA residents need to ensure that appropriate security controls are in place to protect that data. This includes ensuring that any third parties working on behalf of the SME have appropriate security measures in place. |
rds-instances-enable-kms |
Enable encryption for RDS instances to protect sensitive data. |
|
1_DEVELOP GOOD CYBERSECURITY CULTURE: REMEMBER DATA PROTECTION |
Under the EU General Data Protection Regulation 1 any SMEs that process or store personal data belonging to EU/EEA residents need to ensure that appropriate security controls are in place to protect that data. This includes ensuring that any third parties working on behalf of the SME have appropriate security measures in place. |
dws-enable-ssl |
Enable SSL for DWS clusters to protect sensitive data. |
|
1_DEVELOP GOOD CYBERSECURITY CULTURE: REMEMBER DATA PROTECTION |
Under the EU General Data Protection Regulation 1 any SMEs that process or store personal data belonging to EU/EEA residents need to ensure that appropriate security controls are in place to protect that data. This includes ensuring that any third parties working on behalf of the SME have appropriate security measures in place. |
dws-enable-kms |
Enable KMS disk encryption for DWS clusters. |
|
1_DEVELOP GOOD CYBERSECURITY CULTURE: REMEMBER DATA PROTECTION |
Under the EU General Data Protection Regulation 1 any SMEs that process or store personal data belonging to EU/EEA residents need to ensure that appropriate security controls are in place to protect that data. This includes ensuring that any third parties working on behalf of the SME have appropriate security measures in place. |
gaussdb-nosql-enable-disk-encryption |
Enable KMS disk encryption for GeminiDB instances. |
|
1_DEVELOP GOOD CYBERSECURITY CULTURE: REMEMBER DATA PROTECTION |
Under the EU General Data Protection Regulation 1 any SMEs that process or store personal data belonging to EU/EEA residents need to ensure that appropriate security controls are in place to protect that data. This includes ensuring that any third parties working on behalf of the SME have appropriate security measures in place. |
vpc-sg-ports-check |
You can use security groups to control port connections. |
|
5_SECURE ACCESS TO SYSTEMS |
Encourage everyone to use a passphrase, a collection of at least three random common words combined into a phrase that provide a very good combination of memorability and security. |
iam-password-policy |
Set thresholds for IAM user password strength. |
|
5_SECURE ACCESS TO SYSTEMS |
Encourage everyone to use a passphrase, a collection of at least three random common words combined into a phrase that provide a very good combination of memorability and security. |
iam-user-mfa-enabled |
Enable MFA for all IAM users to prevent account theft. |
|
5_SECURE ACCESS TO SYSTEMS |
Encourage everyone to use a passphrase, a collection of at least three random common words combined into a phrase that provide a very good combination of memorability and security. |
mfa-enabled-for-iam-console-access |
Enable MFA for all IAM users who can access Huawei Cloud management console. MFA enhances account security to prevent account theft and protect sensitive data. |
|
5_SECURE ACCESS TO SYSTEMS |
Encourage everyone to use a passphrase, a collection of at least three random common words combined into a phrase that provide a very good combination of memorability and security. |
root-account-mfa-enabled |
Enable MFA for root users. MFA enhances account security. |
|
6_SECURE DEVICES: KEEP SOFTWARE PATCHED AND UP TO DATE |
Ideally using a centralized platform to manage patching. .It is highly recommended for SMEs to: Regularly update all of their software; turn on automatic updates whenever possible; identify software and hardware that requires manual updates; take into account mobile and IoT devices. |
cce-cluster-end-of-maintenance-version |
Ensure that CCE cluster versions can be maintained. |
|
6_SECURE DEVICES: KEEP SOFTWARE PATCHED AND UP TO DATE |
Ideally using a centralized platform to manage patching. It is highly recommended for SMEs to: Regularly update all of their software; turn on automatic updates whenever possible; identify software and hardware that requires manual updates; take into account mobile and IoT devices. |
cce-cluster-oldest-supported-version |
Ensure that there are no CCE cluster versions that cannot be maintained. For CCE clusters of supported versions, The system automatically deploys security patches to upgrade your CCE clusters. If any security issue is identified, Huawei Cloud will fix the issue. |
|
6_SECURE DEVICES: ENCRYPTION |
Protect data by encrypting it. SMEs should ensure the data stored on mobile devices such as laptops, smartphones, and tables are encrypted. For data transferred over public networks, such as hotel or airport Wi-Fi networks, ensure that data is encrypted, either by employing a Virtual Private Network (VPN) or accessing websites over secure connections using SSL/TLS protocol. Ensure their own websites are employing suitable encryption technology to protect client data as it travels over the Internet. |
cts-kms-encrypted-check |
Enable trace file encryption with KMS for CTS trackers. |
|
6_SECURE DEVICES: ENCRYPTION |
Protect data by encrypting it. SMEs should ensure the data stored on mobile devices such as laptops, smartphones, and tables are encrypted. For data transferred over public networks, such as hotel or airport Wi-Fi networks, ensure that data is encrypted, either by employing a Virtual Private Network (VPN) or accessing websites over secure connections using SSL/TLS protocol. Ensure their own websites are employing suitable encryption technology to protect client data as it travels over the Internet. |
cts-support-validate-check |
You can enable file verification for CTS trackers to prevent log files from being modified or deleted after being stored. |
|
6_SECURE DEVICES: ENCRYPTION |
Protect data by encrypting it. SMEs should ensure the data stored on mobile devices such as laptops, smartphones, and tables are encrypted. For data transferred over public networks, such as hotel or airport Wi-Fi networks, ensure that data is encrypted, either by employing a Virtual Private Network (VPN) or accessing websites over secure connections using SSL/TLS protocol. Ensure their own websites are employing suitable encryption technology to protect client data as it travels over the Internet. |
sfsturbo-encrypted-check |
Enable KMS encryption for SFS Turbo file systems. |
|
6_SECURE DEVICES: ENCRYPTION |
Protect data by encrypting it. SMEs should ensure the data stored on mobile devices such as laptops, smartphones, and tables are encrypted. For data transferred over public networks, such as hotel or airport Wi-Fi networks, ensure that data is encrypted, either by employing a Virtual Private Network (VPN) or accessing websites over secure connections using SSL/TLS protocol. Ensure their own websites are employing suitable encryption technology to protect client data as it travels over the Internet. |
css-cluster-disk-encryption-check |
Enable disk encryption for CSS clusters to protect sensitive data. |
|
6_SECURE DEVICES: ENCRYPTION |
Protect data by encrypting it. SMEs should ensure the data stored on mobile devices such as laptops, smartphones, and tables are encrypted. For data transferred over public networks, such as hotel or airport Wi-Fi networks, ensure that data is encrypted, either by employing a Virtual Private Network (VPN) or accessing websites over secure connections using SSL/TLS protocol. Ensure their own websites are employing suitable encryption technology to protect client data as it travels over the Internet. |
css-cluster-disk-encryption-check |
Enable disk encryption for CSS clusters to protect sensitive data. |
|
6_SECURE DEVICES: ENCRYPTION |
Protect data by encrypting it. SMEs should ensure the data stored on mobile devices such as laptops, smartphones, and tables are encrypted. For data transferred over public networks, such as hotel or airport Wi-Fi networks, ensure that data is encrypted, either by employing a Virtual Private Network (VPN) or accessing websites over secure connections using SSL/TLS protocol. Ensure their own websites are employing suitable encryption technology to protect client data as it travels over the Internet. |
css-cluster-https-required |
After HTTPS is enabled for a CSS cluster, communication is encrypted when you access this cluster. If HTTPS is disabled, HTTP protocol is used for cluster communication. In this case, data security cannot be ensured and public address is not allowed. |
|
6_SECURE DEVICES: ENCRYPTION |
Protect data by encrypting it. SMEs should ensure the data stored on mobile devices such as laptops, smartphones, and tables are encrypted. For data transferred over public networks, such as hotel or airport Wi-Fi networks, ensure that data is encrypted, either by employing a Virtual Private Network (VPN) or accessing websites over secure connections using SSL/TLS protocol. Ensure their own websites are employing suitable encryption technology to protect client data as it travels over the Internet. |
volumes-encrypted-check |
Enable encryption for EVS to protect data. |
|
6_SECURE DEVICES: ENCRYPTION |
Protect data by encrypting it. SMEs should ensure the data stored on mobile devices such as laptops, smartphones, and tables are encrypted. For data transferred over public networks, such as hotel or airport Wi-Fi networks, ensure that data is encrypted, either by employing a Virtual Private Network (VPN) or accessing websites over secure connections using SSL/TLS protocol. Ensure their own websites are employing suitable encryption technology to protect client data as it travels over the Internet. |
rds-instances-enable-kms |
Enable KMS encryption for RDS instances to protect sensitive data. |
|
6_SECURE DEVICES: ENCRYPTION |
Protect data by encrypting it. SMEs should ensure the data stored on mobile devices such as laptops, smartphones, and tables are encrypted. For data transferred over public networks, such as hotel or airport Wi-Fi networks, ensure that data is encrypted, either by employing a Virtual Private Network (VPN) or accessing websites over secure connections using SSL/TLS protocol. Ensure their own websites are employing suitable encryption technology to protect client data as it travels over the Internet. |
dws-enable-kms |
Enable KMS encryption for DWS clusters. |
|
6_SECURE DEVICES: ENCRYPTION |
Protect data by encrypting it. SMEs should ensure the data stored on mobile devices such as laptops, smartphones, and tables are encrypted. For data transferred over public networks, such as hotel or airport Wi-Fi networks, ensure that data is encrypted, either by employing a Virtual Private Network (VPN) or accessing websites over secure connections using SSL/TLS protocol. Ensure their own websites are employing suitable encryption technology to protect client data as it travels over the Internet. |
gaussdb-nosql-enable-disk-encryption |
Enable disk encryption with KMS for GeminiDB instances. |
|
6_SECURE DEVICES: ENCRYPTION |
Protect data by encrypting it. SMEs should ensure the data stored on mobile devices such as laptops, smartphones, and tables are encrypted. For data transferred over public networks, such as hotel or airport Wi-Fi networks, ensure that data is encrypted, either by employing a Virtual Private Network (VPN) or accessing websites over secure connections using SSL/TLS protocol. Ensure their own websites are employing suitable encryption technology to protect client data as it travels over the Internet. |
elb-tls-https-listeners-only |
Ensure that your load balancer listeners are configured with the HTTPS protocol. |
|
6_SECURE DEVICES: ENCRYPTION |
Protect data by encrypting it. SMEs should ensure the data stored on mobile devices such as laptops, smartphones, and tables are encrypted. For data transferred over public networks, such as hotel or airport Wi-Fi networks, ensure that data is encrypted, either by employing a Virtual Private Network (VPN) or accessing websites over secure connections using SSL/TLS protocol. Ensure their own websites are employing suitable encryption technology to protect client data as it travels over the Internet. |
apig-instances-ssl-enabled |
Enable SSL for APIG REST APIs to authenticate API requests. |
|
6_SECURE DEVICES: ENCRYPTION |
Protect data by encrypting it. SMEs should ensure the data stored on mobile devices such as laptops, smartphones, and tables are encrypted. For data transferred over public networks, such as hotel or airport Wi-Fi networks, ensure that data is encrypted, either by employing a Virtual Private Network (VPN) or accessing websites over secure connections using SSL/TLS protocol. Ensure their own websites are employing suitable encryption technology to protect client data as it travels over the Internet. |
dws-enable-ssl |
Enable SSL for DWS clusters to protect data. |
|
7_SECURE YOUR NETWORK: EMPLOY FIREWALLS |
Firewalls should be deployed to protect all critical systems, in particular a firewall should be employed to protect the SME's network from the Internet. |
vpc-sg-restricted-ssh |
You can configure security groups to only allow traffic from some IPs to access the SSH port 22 of ECSs to ensure secure remote access to ECSs. |
|
7_SECURE YOUR NETWORK: EMPLOY FIREWALLS |
Firewalls manage the traffic that enters and leaves a network and are a critical tool in protecting SME systems. Firewalls should be deployed to protect all critical systems, in particular a firewall should be employed to protect the SME's network from the Internet. |
vpc-sg-restricted-common-ports |
You can configure security groups to control connections to frequently used ports. |
|
7_SECURE YOUR NETWORK: EMPLOY FIREWALLS |
Firewalls manage the traffic that enters and leaves a network and are a critical tool in protecting SMEs systems. Firewalls should be deployed to protect all critical systems, in particular a firewall should be employed to protect the SME's network from the Internet. |
vpc-default-sg-closed |
Use security groups to control access within a VPC. You can directly use the default security group for resource access control. |
|
7_SECURE YOUR NETWORK: EMPLOY FIREWALLS |
Firewalls manage the traffic that enters and leaves a network and are a critical tool in protecting SMEs systems. Firewalls should be deployed to protect all critical systems, in particular a firewall should be employed to protect the SME's network from the Internet. |
vpc-sg-ports-check |
You can use security groups to control port connections. |
|
7_SECURE YOUR NETWORK: REVIEW REMOTE ACCESS SOLUTIONS |
SMEs should regularly review any remote access tools to ensure they are secure, particularly: 1. Ensure all remote access software is patched and up date. 2. Restrict remote access from suspicious geographical locations or certain IP addresses. 3. Restrict staff remote access only to the systems and computers they need for their work. 4. Enforce strong passwords for remote access and where possible enable multi-factor authentication. 5. Ensure monitoring and alerting is enabled to warn of suspected attacks or unusual suspicious activity. |
iam-password-policy |
Set thresholds for IAM user password strength. |
|
7_SECURE YOUR NETWORK: REVIEW REMOTE ACCESS SOLUTIONS |
SMEs should regularly review any remote access tools to ensure they are secure, particularly: - Ensure all remote access software is patched and up date. - Restrict remote access from suspicious geographical locations or certain IP addresses. - Restrict staff remote access only to the systems and computers they need for their work. - Enforce strong passwords for remote access and where possible enable multi-factor authentication. - Ensure monitoring and alerting is enabled to warn of suspected attacks or unusual suspicious activity. |
iam-user-mfa-enabled |
Enable MFA for all IAM users to prevent account theft. |
|
7_SECURE YOUR NETWORK: REVIEW REMOTE ACCESS SOLUTIONS |
SMEs should regularly review any remote access tools to ensure they are secure, particularly: - Ensure all remote access software is patched and up date. - Restrict remote access from suspicious geographical locations or certain IP addresses. - Restrict staff remote access only to the systems and computers they need for their work. - Enforce strong passwords for remote access and where possible enable multi-factor authentication. - Ensure monitoring and alerting is enabled to warn of suspected attacks or unusual suspicious activity. |
mfa-enabled-for-iam-console-access |
Enable MFA for all IAM users who can access Huawei Cloud management console. MFA enhances account security to prevent account theft and protect sensitive data. |
|
7_SECURE YOUR NETWORK: REVIEW REMOTE ACCESS SOLUTIONS |
SMEs should regularly review any remote access tools to ensure they are secure, particularly: - Ensure all remote access software is patched and up date. - Restrict remote access from suspicious geographical locations or certain IP addresses. - Restrict staff remote access only to the systems and computers they need for their work. - Enforce strong passwords for remote access and where possible enable multi-factor authentication. - Ensure monitoring and alerting is enabled to warn of suspected attacks or unusual suspicious activity. |
root-account-mfa-enabled |
Enable MFA for root users. MFA enhances account security. |
|
7_SECURE YOUR NETWORK: REVIEW REMOTE ACCESS SOLUTIONS |
SMEs should regularly review any remote access tools to ensure they are secure, particularly: - Ensure all remote access software is patched and up date. - Restrict remote access from suspicious geographical locations or certain IP addresses. - Restrict staff remote access only to the systems and computers they need for their work. - Enforce strong passwords for remote access and where possible enable multi-factor authentication. - Ensure monitoring and alerting is enabled to warn of suspected attacks or unusual suspicious activity. |
apig-instances-execution-logging-enabled |
Enable CTS for your dedicated APIG gateways. APIG supports custom log analysis templates, which you can use to collect and manage logs and trace and analyze API request exceptions. |
|
7_SECURE YOUR NETWORK: REVIEW REMOTE ACCESS SOLUTIONS |
SMEs should regularly review any remote access tools to ensure they are secure, particularly: - Ensure all remote access software is patched and up date. - Restrict remote access from suspicious geographical locations or certain IP addresses. 3. Restrict staff remote access only to the systems and computers they need for their work. - Enforce strong passwords for remote access and where possible enable multi-factor authentication. - Ensure monitoring and alerting is enabled to warn of suspected attacks or unusual suspicious activity. |
cts-lts-enable |
Use LTS to centrally collect CTS data. |
|
7_SECURE YOUR NETWORK: REVIEW REMOTE ACCESS SOLUTIONS |
SMEs should regularly review any remote access tools to ensure they are secure, particularly: - Ensure all remote access software is patched and up date. - Restrict remote access from suspicious geographical locations or certain IP addresses. - Restrict staff remote access only to the systems and computers they need for their work. - Enforce strong passwords for remote access and where possible enable multi-factor authentication. - Ensure monitoring and alerting is enabled to warn of suspected attacks or unusual suspicious activity. |
cts-tracker-exists |
Ensure that a CTS tracker has been created for your account to record operations on the Huawei Cloud management console. |
|
7_SECURE YOUR NETWORK: REVIEW REMOTE ACCESS SOLUTIONS |
SMEs should regularly review any remote access tools to ensure they are secure, particularly: - Ensure all remote access software is patched and up date. 2. Restrict remote access from suspicious geographical locations or certain IP addresses. 3. Restrict staff remote access only to the systems and computers they need for their work. 4. Enforce strong passwords for remote access and where possible enable multi-factor authentication. 5. Ensure monitoring and alerting is enabled to warn of suspected attacks or unusual suspicious activity. |
multi-region-cts-tracker-exists |
Create CTS trackers for different regions to satisfy different customer requirements and meets the laws and regulations of different regions. |
|
7_SECURE YOUR NETWORK: REVIEW REMOTE ACCESS SOLUTIONS |
SMEs should regularly review any remote access tools to ensure they are secure, particularly: - Ensure all remote access software is patched and up date. - Restrict remote access from suspicious geographical locations or certain IP addresses. - Restrict staff remote access only to the systems and computers they need for their work. - Enforce strong passwords for remote access and where possible enable multi-factor authentication. - Ensure monitoring and alerting is enabled to warn of suspected attacks or unusual suspicious activity. |
vpc-flow-logs-enabled |
Enable flow logs for VPCs to monitor network traffic, analyze network attacks, and optimize security group and ACL configurations. |
|
9_SECURE BACKUPS |
To enable the recovery of key formation, backups should be maintained as they are an effective way to recover from disasters such as a ransomware attack. The following backup rules should apply: 1. Backup is regular and automated whenever possible. 2. Backup is held separately from the SME's production environment. 3. Backups are encrypted, especially if they are going to be moved between locations. 4. The ability to regularly restore data from the backups is tested. Ideally, a regular test of a full restore from start to finish should be done. |
rds-instance-enable-backup |
Enable backups for RDS instances. |
|
9_SECURE BACKUPS |
To enable the recovery of key formation, backups should be maintained as they are an effective way to recover from disasters such as a ransomware attack. The following backup rules should apply: 1. Backup is regular and automated whenever possible. 2. Backup is held separately from the SME's production environment. 3. Backups are encrypted, especially if they are going to be moved between locations. 4. The ability to regularly restore data from the backups is tested. Ideally, a regular test of a full restore from start to finish should be done. |
dws-enable-snapshot |
Enable snapshots for DWS clusters. Automated snapshots are enabled by default when a cluster is created. Snapshots are periodically taken of a cluster based on the specified time and interval, usually every eight hours. Users can configure one or more automated snapshot policies for the cluster as needed. |
|
9_SECURE BACKUPS |
To enable the recovery of key formation, backups should be maintained as they are an effective way to recover from disasters such as a ransomware attack. The following backup rules should apply: Backup is regular and automated whenever possible; backup is held separately from the SME's production environment; backups are encrypted, especially if they are going to be moved between locations; the ability to regularly restore data from the backups is tested. Ideally, a regular test of a full restore from start to finish should be done. |
gaussdb-nosql-enable-backup |
Enable backups for GeminiDB. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
