Managing Check Items

Limitations and Constraints

• For custom check items, SecMaster does not check them immediately after they are created. You need to perform an immediate check manually or check the compliance pack the check items associated with. Then, you can get their check results.
• When you import check items, note the following restrictions:
  • Only .xlsx files can be imported.
  • Only one file can be imported at a time. Maximum file size: 100 records.
• Check items in built-in compliance packs can only be viewed and exported, but cannot be edited or deleted.

Viewing Check Items

1. Log in to the SecMaster console.
2. Click in the upper left corner of the management console and select a region or project.
3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
   Figure 1 Workspace management page
   

5. In the navigation pane on the left, choose Risk Prevention > Baseline Inspection. On the displayed page, click the Security Standards tab. Then, click the Check Item tab.
   Figure 2 Accessing the Check Item tab
   

6. On the Check Item tab, view the information about existing check items. For details about the parameters, see Table 2.

   Table 2 Parameters for check items

   Parameter	Description
   Check Items	Total number of check items in the current workspace.
   Built-in Check Items	The number of check items preconfigured in SecMaster.
   Custom Check Items	The number of check items you create.
   Check item list	All check items and their basic information. In the check item list, you can view the description, type, and number of compliance packs used for a check item. You can also edit or delete custom check items. To display certain columns only, click the setting button in the upper right corner of the check item list and complete the settings (for example, whether to wrap lines and whether to fix the operation column). To view details about a check item, click its name. The details page is displayed on the right. On the check item details page, you can view the description, basic information, and compliance pack used for the check item.

Creating a Custom Check Item

1. Log in to the SecMaster console.
2. Click in the upper left corner of the management console and select a region or project.
3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
   Figure 3 Workspace management page
   

5. In the navigation pane on the left, choose Risk Prevention > Baseline Inspection. On the displayed page, click the Security Standards tab. Then, click the Check Item tab.
   Figure 4 Accessing the Check Item tab
   

6. Click Create Check Item in the upper left corner of the check item list.
7. On the Create Check Item page, set check item parameters.

   Table 3 Parameters for creating check items

   Parameter	Description
   Check Item	Name you specify for the check item. It must meet the following requirements: Only letters, digits, underscores (_), periods (.), and hyphens (-) are allowed. Length: 1 to 256 characters
   Description	Description you provide for the check item. A maximum of 4,096 characters are allowed.
   Severity	Select the severity of the check item. Critical High Medium Low Informational
   Action	Select an action for the check item. Executed by workflows: The check item is automatically executed through a workflow you specify, and the check result is reported by the workflow as well. Executed manually: You will manually complete the check item offline.
   Select Workflow	If you set Action to Executed by workflows, you need to select a workflow. The Workflow Type must be Baseline Inspection. If no appropriate workflows are available, click Create Workflow and create one on the workflow page.
   Manual Check Items	If Action for a check item is set to Executed manually, SecMaster sets the check result options by default.
   Cloud Service	Enter the information about the cloud service associated with the check item. Enter 0 to 36 characters.

8. Click OK. You can filter check items by the created check item name on the check item page and view the basic information about the check items.
   

   For custom check items, SecMaster does not check them immediately after they are created. You need to perform an immediate check manually or check the compliance pack the check items associated with. Then, you can get their check results.

   You can edit or delete custom check items you add as required.

Adding a Check Item to an Allowlist on the Check Result Page

If you want to skip a check item or resource instance during a check, you can add the check item or instance to an allowlist.

An item or instance that has been added to an allowlist will be skipped during the check. It will not be counted when the Check Pass Rate is calculated.

1. Log in to the SecMaster console.
2. Click in the upper left corner of the management console and select a region or project.
3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
   Figure 5 Workspace management page
   

5. In the navigation pane on the left, choose Risk Prevention > Baseline Inspection.
   Figure 6 Accessing the check result page
   

6. In the check result list, click Allow in the Operation column of the row that contains the target check item.
7. In the displayed dialog box, click OK. If an item is added to an allowlist, the check result list does not display the information about the check item. An item that has been added to an allowlist will be skipped during the check. It will not be counted when the Check Pass Rate is calculated.

Adding a Check Item to an Allowlist on the Compliance Pack Details Page

If you do not need to check a check item, you can add it to an allowlist.

An item that has been added to an allowlist will be skipped during the check. It will not be counted when the Check Pass Rate is calculated.

1. Log in to the SecMaster console.
2. Click in the upper left corner of the management console and select a region or project.
3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
   Figure 7 Workspace management page
   

5. In the navigation pane on the left, choose Risk Prevention > Baseline Inspection. On the displayed page, click the Security Standards tab. Then, click the Compliance Pack tab.
   Figure 8 Accessing the Compliance Pack tab
   

6. Click the name of the target compliance pack to go to its details page.
7. Search for the target check item in the compliance pack list and click Allow in the Operation column.
8. In the displayed dialog box, click OK. If an item is added to an allowlist, the check result list does not display the information about the check item. An item that has been added to an allowlist will be skipped during the check. It will not be counted when the Check Pass Rate is calculated.

Adding an Allowlist Policy for a Check Item on the Policy Settings Page

1. Log in to the SecMaster console.
2. Click in the upper left corner of the management console and select a region or project.
3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
   Figure 9 Workspace management page
   

5. In the navigation pane on the left, choose Risk Prevention > Baseline Inspection.
   Figure 10 Accessing the check result page
   

6. Click Policy Settings in the upper right corner of the page. The Policy Settings page is displayed.
7. On the Allowlist Policies tab, click Add Allowlist Policy. The Add Allowlist Policy page is displayed. Set the parameters as required.

   Table 4 Parameters for adding an allowlist policy

   Parameter	Description
   Environment	Select the cloud environment that the target check item belongs to. You can only select a value from the drop-down list. The value can be Huawei Cloud, indicating the Huawei Cloud environment.
   Cloud Service	After selecting a value for Environment, select the cloud service that the target check item belongs to. You can only select a value from the drop-down list. The options of Cloud Service are cloud services associated with all check items in the cloud environment you select.
   Check Item	After Environment and Cloud Service are configured, select the check item you want to add to the allowlist. You can only select a value from the drop-down list. The options for Check Item can be check items associated with the cloud services in the selected cloud environment.
   Policy Application Scope	Set the application scope of the check item allowlist policy. The options are as follows: All instances: If you select All instances, the allowlist policy works for all resource instances associated with the check item added to the allowlist policy. Selected instances: If you select Selected instances, the allowlist policy works for resource instances selected by you and associated with the check item added to the allowlist policy. If a check item is associated with only one resource instance, you can select All instances or Selected instances. No matter which option is selected, the policy works the same.
   Remarks (Optional)	A description of the policy. A maximum of 1,000 characters are allowed.

8. Click OK. You can view added allowlist policies on the Policy Settings page.

Cancelling or Deleting an Allowlist Policy

After an item is added to an allowlist, SecMaster skips this item during the check. This item is no longer counted when the check pass rate is calculated. If you need to check the item later, you can cancel the allowlist or delete the allowlist policy. To this end, you can select one of the following methods based on how the item was added to an allowlist.

• For check items added to an allowlist by Adding a Check Item to an Allowlist on the Check Result Page:
  • Method 1: Click Cancel Allowlist in the Operation column of the target check item by referring to Adding a Check Item to an Allowlist on the Compliance Pack Details Page. In the dialog box displayed, click OK.
  • Method 2: Delete the allowlist policy corresponding to the target check item by referring to Adding an Allowlist Policy for a Check Item on the Policy Settings Page.
• For check items added to an allowlist by Adding a Check Item to an Allowlist on the Compliance Pack Details Page:
  • Click Cancel Allowlist in the Operation column of the target check item by referring to Adding a Check Item to an Allowlist on the Compliance Pack Details Page. In the dialog box displayed, click OK.
• For Adding an Allowlist Policy for a Check Item on the Policy Settings Page, you can delete the allowlist policy of the target check item through the Policy Settings page.
  • Deletion: Click Delete in the Operation column of the check item allowlist policy to be canceled. In the Delete dialog box, confirm the information and click OK.
  • Batch deletion: Select all the allowlist policies you want to delete and click Batch Delete. In the Delete dialog box, confirm the information and click OK.

Importing Check Items

1. Log in to the SecMaster console.
2. Click in the upper left corner of the management console and select a region or project.
3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
   Figure 11 Workspace management page
   

5. In the navigation pane on the left, choose Risk Prevention > Baseline Inspection. On the displayed page, click the Security Standards tab. Then, click the Check Item tab.
   Figure 12 Accessing the Check Item tab
   

6. In the upper left corner above the check item list, click Import.
7. In the dialog box displayed, click Download Template and complete the template.
8. In the displayed dialog box, click Add File and upload the completed template file.
   

   • Only .xlsx files can be imported.
   • Only one file can be imported at a time. Maximum file size: 100 records.

9. Click Import.
10. You can view the imported check items on the check item tab. You can filter check items by check item name.

Exporting Check Items

1. Log in to the SecMaster console.
2. Click in the upper left corner of the management console and select a region or project.
3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
   Figure 13 Workspace management page
   

5. In the navigation pane on the left, choose Risk Prevention > Baseline Inspection. On the displayed page, click the Security Standards tab. Then, click the Check Item tab.
   Figure 14 Accessing the Check Item tab
   

6. Select check items you want to export from the check item list and click Export in the upper left corner above the list.
7. In the displayed dialog box, select the format and data columns you want.
8. Click Export.

Editing or Deleting a Check Item

1. Log in to the SecMaster console.
2. Click in the upper left corner of the management console and select a region or project.
3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
   Figure 15 Workspace management page
   

5. In the navigation pane on the left, choose Risk Prevention > Baseline Inspection. On the displayed page, click the Security Standards tab. Then, click the Check Item tab.
   Figure 16 Accessing the Check Item tab
   

6. In the check item list, edit or delete a check item.

   Table 5 Editing or deleting a check item

   Operation	Description
   Editing a custom check item	Locate the target check item and click Edit in the Operation column. Edit settings and click OK. Then, filter check items by check item name on the check item tab and view the check item information. Only custom check items can be edited. Check items in built-in compliance packs cannot be edited.
   Deleting a custom check item	Locate the target check item and click Delete in the Operation column. In the displayed dialog box, confirm the deletion object, enter DELETE, and click OK. Only custom check items can be deleted. Check items in built-in compliance packs cannot be deleted.