Best Practices of Network and Data Security
This section describes the best practices of network and data security, their applicable scenarios, and default rules in the conformance package.
Applicable Scenario
This conformance package helps you evaluate network and data security to protect your information assets from network attacks and data leakage.
Exemption Clauses
This package provides general guidance to help you quickly create scenario-based conformance packages. The conformance package and the rules it includes apply only to cloud services and do not constitute legal advice. This conformance package does not ensure compliance with specific laws, regulations, or industry standards. You are responsible for the compliance and legality of your business and technical operations and assume all related responsibilities.
Conformance Rules
| Guideline No. | Rule |
|---|---|
| 1.1 | ecs-in-allowed-security-groups |
| 1.1 | eip-unbound-check |
| 1.1 | eip-use-in-specified-days |
| 1.1 | stopped-ecs-date-diff |
| 1.1 | vpc-acl-unused-check |
| 2.2 | cce-cluster-oldest-supported-version |
| 3.3 | css-cluster-in-vpc |
| 3.3 | drs-data-guard-job-not-public |
| 3.3 | drs-migration-job-not-public |
| 3.3 | drs-synchronization-job-not-public |
| 3.3 | ecs-instance-in-vpc |
| 3.3 | ecs-instance-no-public-ip |
| 3.3 | function-graph-inside-vpc |
| 3.3 | function-graph-public-access-prohibited |
| 3.3 | iam-customer-policy-blocked-kms-actions |
| 3.3 | iam-group-has-users-check |
| 3.3 | iam-policy-no-statements-with-admin-access |
| 3.3 | iam-role-has-all-permissions |
| 3.3 | iam-root-access-key-check |
| 3.3 | iam-user-group-membership-check |
| 3.3 | iam-user-last-login-check |
| 3.3 | mrs-cluster-kerberos-enabled |
| 3.3 | mrs-cluster-no-public-ip |
| 3.3 | rds-instance-no-public-ip |
| 3.1 | apig-instances-ssl-enabled |
| 3.1 | css-cluster-disk-encryption-check |
| 3.1 | css-cluster-https-required |
| 3.1 | dws-enable-ssl |
| 3.1 | elb-tls-https-listeners-only |
| 3.11 | cts-kms-encrypted-check |
| 3.11 | dws-enable-kms |
| 3.11 | gaussdb-nosql-enable-disk-encryption |
| 3.11 | rds-instances-enable-kms |
| 3.11 | sfsturbo-encrypted-check |
| 3.11 | volumes-encrypted-check |
| 3.14 | apig-instances-execution-logging-enabled |
| 3.14 | cts-lts-enable |
| 3.14 | cts-obs-bucket-track |
| 3.14 | cts-tracker-exists |
| 3.14 | multi-region-cts-tracker-exists |
| 3.14 | rds-instance-logging-enabled |
| 3.14 | vpc-flow-logs-enabled |
| 4.1 | access-keys-rotated |
| 4.1 | evs-use-in-specified-days |
| 4.1 | stopped-ecs-date-diff |
| 4.1 | volume-unused-check |
| 4.6 | apig-instances-ssl-enabled |
| 4.6 | css-cluster-https-required |
| 4.6 | dws-enable-ssl |
| 4.6 | elb-tls-https-listeners-only |
| 4.7 | iam-root-access-key-check |
| 5.2 | iam-password-policy |
| 5.2 | iam-user-mfa-enabled |
| 5.2 | mfa-enabled-for-iam-console-access |
| 5.2 | root-account-mfa-enabled |
| 5.3 | iam-user-last-login-check |
| 5.4 | iam-policy-no-statements-with-admin-access |
| 5.4 | iam-root-access-key-check |
| 6.4 | iam-user-mfa-enabled |
| 6.4 | mfa-enabled-for-iam-console-access |
| 6.4 | root-account-mfa-enabled |
| 8.2 | apig-instances-execution-logging-enabled |
| 8.2 | cts-lts-enable |
| 8.2 | cts-obs-bucket-track |
| 8.2 | cts-tracker-exists |
| 8.2 | multi-region-cts-tracker-exists |
| 8.2 | rds-instance-logging-enabled |
| 8.2 | vpc-flow-logs-enabled |
| 8.5 | apig-instances-execution-logging-enabled |
| 8.5 | cts-lts-enable |
| 8.5 | cts-obs-bucket-track |
| 8.5 | cts-tracker-exists |
| 8.5 | multi-region-cts-tracker-exists |
| 8.5 | rds-instance-logging-enabled |
| 8.5 | vpc-flow-logs-enabled |
| 8.9 | cts-lts-enable |
| 11.2 | dws-enable-snapshot |
| 11.2 | gaussdb-instance-enable-backup |
| 11.2 | gaussdb-mysql-instance-enable-backup |
| 11.2 | gaussdb-nosql-enable-backup |
| 11.2 | rds-instance-enable-backup |
| 11.3 | rds-instances-enable-kms |
| 11.3 | volumes-encrypted-check |
| 11.4 | dws-enable-snapshot |
| 11.4 | gaussdb-instance-enable-backup |
| 11.4 | gaussdb-mysql-instance-enable-backup |
| 11.4 | gaussdb-nosql-enable-backup |
| 11.4 | rds-instance-enable-backup |
| 12.2 | css-cluster-in-vpc |
| 12.2 | css-cluster-in-vpc |
| 12.2 | drs-data-guard-job-not-public |
| 12.2 | drs-migration-job-not-public |
| 12.2 | drs-synchronization-job-not-public |
| 12.2 | ecs-instance-in-vpc |
| 12.2 | ecs-instance-no-public-ip |
| 12.2 | function-graph-inside-vpc |
| 12.2 | function-graph-public-access-prohibited |
| 12.2 | mrs-cluster-no-public-ip |
| 12.2 | pca-certificate-authority-expiration-check |
| 12.2 | pca-certificate-expiration-check |
| 12.2 | rds-instance-multi-az-support |
| 12.2 | rds-instance-no-public-ip |
| 12.2 | vpc-default-sg-closed |
| 12.2 | vpc-sg-ports-check |
| 12.2 | vpc-sg-restricted-common-ports |
| 12.2 | vpc-sg-restricted-ssh |
| 12.2 | vpn-connections-active |
| 12.3 | apig-instances-ssl-enabled |
| 12.3 | css-cluster-https-required |
| 12.3 | dws-enable-ssl |
| 12.3 | elb-tls-https-listeners-only |
| 12.6 | apig-instances-ssl-enabled |
| 12.6 | css-cluster-https-required |
| 12.6 | dws-enable-ssl |
| 12.6 | elb-tls-https-listeners-only |
| 13.6 | vpc-flow-logs-enabled |