Updated on 2025-08-11 GMT+08:00

Managing Check Items

This topic describes how to manage check items. The check items support the operations in the following table.

Table 1 Check item management

Operation Type

Operation

Description

Viewing check items

Viewing Check Items

Both check items in built-in and custom compliance packs are supported.

Creating a custom check item

Creating a Custom Check Item

Only check items in custom compliance packs are supported.

Adding a check item to an allowlist

Method 1: Adding a Check Item to an Allowlist on the Check Result Page

If you want to skip a check item or resource instance during a check, you can add the check item or instance to an allowlist.

On the check result page, you can add some check items you do not want to check in an allowlist. Removing them from the allowlist is not supported.

If you want to check the check item again, remove it from the allowlist. To this end, you can go to the details page of the compliance pack, locate the specific check item, and cancel the allowlist. Alternatively, you can delete the allowlist policy on the Policy Settings page.

Method 2: Adding a Check Item to an Allowlist on the Compliance Pack Details Page

If you do not need to check a check item, you can add it to an allowlist.

If you want to check the check item again, you can cancel the corresponding allowlist.

On the details page of a compliance pack, you can add a specific check item to an allowlist, but the resource instances a check item applies to cannot be added to an allowlist through this page.

Method 3: Adding an Allowlist Policy for a Check Item on the Policy Settings Page

If you want to skip a check item or resource instance during a check, you can add the check item or instance to an allowlist.

You can configure allowlist policies, delete an individual allowlist policy, all delete more allowlist policies all at once.

Import

Importing Check Items

Only check items in custom compliance packs are supported.

Export

Exporting Check Items

Both check items in built-in and custom compliance packs are supported.

Editing or deleting

Editing or Deleting a Check Item

Only check items in custom compliance packs can be edited and deleted. Check items in built-in compliance packs cannot be edited or deleted.

Limitations and Constraints

  • For custom check items, SecMaster does not check them immediately after they are created. You need to perform an immediate check manually or check the compliance pack the check items associated with. Then, you can get their check results.
  • When you import check items, note the following restrictions:
    • Only .xlsx files can be imported.
    • Only one file can be imported at a time. Maximum file size: 100 records.
  • Check items in built-in compliance packs can only be viewed and exported, but cannot be edited or deleted.

Viewing Check Items

  1. Log in to the SecMaster console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 1 Workspace management page

  5. In the navigation pane on the left, choose Risk Prevention > Baseline Inspection. On the displayed page, click the Security Standards tab. Then, click the Check Item tab.

    Figure 2 Accessing the Check Item tab

  6. On the Check Item tab, view the information about existing check items. For details about the parameters, see Table 2.

    Table 2 Parameters for check items

    Parameter

    Description

    Check Items

    Total number of check items in the current workspace.

    Built-in Check Items

    The number of check items preconfigured in SecMaster.

    Custom Check Items

    The number of check items you create.

    Check item list

    All check items and their basic information.

    • In the check item list, you can view the description, type, and number of compliance packs used for a check item. You can also edit or delete custom check items.
    • To display certain columns only, click the setting button in the upper right corner of the check item list and complete the settings (for example, whether to wrap lines and whether to fix the operation column).
    • To view details about a check item, click its name. The details page is displayed on the right.

      On the check item details page, you can view the description, basic information, and compliance pack used for the check item.

Creating a Custom Check Item

  1. Log in to the SecMaster console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 3 Workspace management page

  5. In the navigation pane on the left, choose Risk Prevention > Baseline Inspection. On the displayed page, click the Security Standards tab. Then, click the Check Item tab.

    Figure 4 Accessing the Check Item tab

  6. Click Create Check Item in the upper left corner of the check item list.
  7. On the Create Check Item page, set check item parameters.

    Table 3 Parameters for creating check items

    Parameter

    Description

    Check Item

    Name you specify for the check item.

    It must meet the following requirements:

    • Only letters, digits, underscores (_), periods (.), and hyphens (-) are allowed.
    • Length: 1 to 256 characters

    Description

    Description you provide for the check item. A maximum of 4,096 characters are allowed.

    Severity

    Select the severity of the check item.

    • Critical
    • High
    • Medium
    • Low
    • Informational

    Action

    Select an action for the check item.

    • Executed by workflows: The check item is automatically executed through a workflow you specify, and the check result is reported by the workflow as well.
    • Executed manually: You will manually complete the check item offline.

    Select Workflow

    If you set Action to Executed by workflows, you need to select a workflow. The Workflow Type must be Baseline Inspection.

    If no appropriate workflows are available, click Create Workflow and create one on the workflow page.

    Manual Check Items

    If Action for a check item is set to Executed manually, SecMaster sets the check result options by default.

    Cloud Service

    Enter the information about the cloud service associated with the check item. Enter 0 to 36 characters.

  8. Click OK. You can filter check items by the created check item name on the check item page and view the basic information about the check items.

    For custom check items, SecMaster does not check them immediately after they are created. You need to perform an immediate check manually or check the compliance pack the check items associated with. Then, you can get their check results.

    You can edit or delete custom check items you add as required.

Adding a Check Item to an Allowlist on the Check Result Page

If you want to skip a check item or resource instance during a check, you can add the check item or instance to an allowlist.

An item or instance that has been added to an allowlist will be skipped during the check. It will not be counted when the Check Pass Rate is calculated.

  1. Log in to the SecMaster console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 5 Workspace management page

  5. In the navigation pane on the left, choose Risk Prevention > Baseline Inspection.

    Figure 6 Accessing the check result page

  6. In the check result list, click Allow in the Operation column of the row that contains the target check item.
  7. In the displayed dialog box, click OK. If an item is added to an allowlist, the check result list does not display the information about the check item. An item that has been added to an allowlist will be skipped during the check. It will not be counted when the Check Pass Rate is calculated.

Adding a Check Item to an Allowlist on the Compliance Pack Details Page

If you do not need to check a check item, you can add it to an allowlist.

An item that has been added to an allowlist will be skipped during the check. It will not be counted when the Check Pass Rate is calculated.

  1. Log in to the SecMaster console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 7 Workspace management page

  5. In the navigation pane on the left, choose Risk Prevention > Baseline Inspection. On the displayed page, click the Security Standards tab. Then, click the Compliance Pack tab.

    Figure 8 Accessing the Compliance Pack tab

  6. Click the name of the target compliance pack to go to its details page.
  7. Search for the target check item in the compliance pack list and click Allow in the Operation column.
  8. In the displayed dialog box, click OK. If an item is added to an allowlist, the check result list does not display the information about the check item. An item that has been added to an allowlist will be skipped during the check. It will not be counted when the Check Pass Rate is calculated.

Adding an Allowlist Policy for a Check Item on the Policy Settings Page

  1. Log in to the SecMaster console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 9 Workspace management page

  5. In the navigation pane on the left, choose Risk Prevention > Baseline Inspection.

    Figure 10 Accessing the check result page

  6. Click Policy Settings in the upper right corner of the page. The Policy Settings page is displayed.
  7. On the Allowlist Policies tab, click Add Allowlist Policy. The Add Allowlist Policy page is displayed. Set the parameters as required.

    Table 4 Parameters for adding an allowlist policy

    Parameter

    Description

    Environment

    Select the cloud environment that the target check item belongs to.

    You can only select a value from the drop-down list.

    The value can be Huawei Cloud, indicating the Huawei Cloud environment.

    Cloud Service

    After selecting a value for Environment, select the cloud service that the target check item belongs to.

    You can only select a value from the drop-down list.

    The options of Cloud Service are cloud services associated with all check items in the cloud environment you select.

    Check Item

    After Environment and Cloud Service are configured, select the check item you want to add to the allowlist.

    You can only select a value from the drop-down list.

    The options for Check Item can be check items associated with the cloud services in the selected cloud environment.

    Policy Application Scope

    Set the application scope of the check item allowlist policy. The options are as follows:

    • All instances: If you select All instances, the allowlist policy works for all resource instances associated with the check item added to the allowlist policy.
    • Selected instances: If you select Selected instances, the allowlist policy works for resource instances selected by you and associated with the check item added to the allowlist policy.
    • If a check item is associated with only one resource instance, you can select All instances or Selected instances. No matter which option is selected, the policy works the same.

    Remarks (Optional)

    A description of the policy.

    A maximum of 1,000 characters are allowed.

  8. Click OK. You can view added allowlist policies on the Policy Settings page.

Cancelling or Deleting an Allowlist Policy

After an item is added to an allowlist, SecMaster skips this item during the check. This item is no longer counted when the check pass rate is calculated. If you need to check the item later, you can cancel the allowlist or delete the allowlist policy. To this end, you can select one of the following methods based on how the item was added to an allowlist.

Importing Check Items

  1. Log in to the SecMaster console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 11 Workspace management page

  5. In the navigation pane on the left, choose Risk Prevention > Baseline Inspection. On the displayed page, click the Security Standards tab. Then, click the Check Item tab.

    Figure 12 Accessing the Check Item tab

  6. In the upper left corner above the check item list, click Import.
  7. In the dialog box displayed, click Download Template and complete the template.
  8. In the displayed dialog box, click Add File and upload the completed template file.

    • Only .xlsx files can be imported.
    • Only one file can be imported at a time. Maximum file size: 100 records.

  9. Click Import.
  10. You can view the imported check items on the check item tab. You can filter check items by check item name.

Exporting Check Items

  1. Log in to the SecMaster console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 13 Workspace management page

  5. In the navigation pane on the left, choose Risk Prevention > Baseline Inspection. On the displayed page, click the Security Standards tab. Then, click the Check Item tab.

    Figure 14 Accessing the Check Item tab

  6. Select check items you want to export from the check item list and click Export in the upper left corner above the list.
  7. In the displayed dialog box, select the format and data columns you want.
  8. Click Export.

Editing or Deleting a Check Item

  1. Log in to the SecMaster console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 15 Workspace management page

  5. In the navigation pane on the left, choose Risk Prevention > Baseline Inspection. On the displayed page, click the Security Standards tab. Then, click the Check Item tab.

    Figure 16 Accessing the Check Item tab

  6. In the check item list, edit or delete a check item.

    Table 5 Editing or deleting a check item

    Operation

    Description

    Editing a custom check item

    1. Locate the target check item and click Edit in the Operation column.
    2. Edit settings and click OK.
    3. Then, filter check items by check item name on the check item tab and view the check item information.

    Only custom check items can be edited. Check items in built-in compliance packs cannot be edited.

    Deleting a custom check item

    1. Locate the target check item and click Delete in the Operation column.
    2. In the displayed dialog box, confirm the deletion object, enter DELETE, and click OK.

    Only custom check items can be deleted. Check items in built-in compliance packs cannot be deleted.