Performing a Manual Baseline Check

Scenarios

There are some manual check items included in baseline inspection. You need to perform these checks manually. After you finish a manual check, report the check results to SecMaster. The pass rate is calculated based on results from both manual and automatic checks. The following compliance packs contain manual check items:

• All check items in DJCP 2.0 Level 3 Requirements
• All check items in General Data Protection Regulation
• Manual check items in Cloud Security Compliance Check 1.0
• Manual check items in Network Security
• Manual check items in Huawei Cloud Security Configuration 3.0
• All check items in Password Complexity Policy Detection
• All check items in Common Weak Password Detection
• All check items in PCI-DSS
• All check items in NIST SP 800-53
• Manual check items in ISO/IEC 27002:2022

This topic describes how to start manual checks in baseline inspection.

Prerequisites

• You have completed the check offline.
• During a baseline check, some check items in the Huawei Cloud Security Configuration 3.0 compliance pack and all check items in the ISO/IEC 27002:2022 compliance pack rely on automatic alert conversion of SecMaster compliance baseline logs and Config audit baseline logs.
  • Enabling the Config resource recorder: If the baseline check scope includes all check items in the ISO/IEC 27002:2022 compliance pack and some check items in the Huawei Cloud Security Configuration 3.0 compliance pack, you must enable the Config resource recorder on the Config console.
    • If the baseline check scope specifies certain accounts and only the current account is included, enable the Config resource recorder by referring to Configuring the Resource Recorder.
    • If the scope of the baseline check matches any of the following scenarios, enable the Config resource recorder by referring to Batch Configuring the Resource Recorder.
      • Scenario 1: The check scope includes all accounts.
      • Scenario 2: The check scope specifies certain accounts, and those accounts include one or more accounts other than the current account.
      • Scenario 3: The check scope specifies certain accounts, and those accounts include both the current account and other accounts.
  • Cloud service access: If the baseline check includes all check items in the ISO/IEC 27002:2022 compliance pack and some check items in the Huawei Cloud Security Configuration 3.0 compliance pack, you need to integrate the following logs in SecMaster and enable automatic alert conversion:
    • Enable automatic alert conversion for compliance baseline logs in SecMaster. For details, see Enabling Log Access.
    • Enable automatic alert conversion for audit baseline logs in Config. For details, see Enabling Log Access.

Notes and Constraints

• The baseline inspection of compliance packs OS Configuration Baseline, Common Weak Password Detection, and Password Complexity Policy Detection are performed in HSS instead of SecMaster. However, you can view check results in SecMaster. If you need to perform HSS baseline inspection, go to the HSS console and complete the inspection. For details, see Performing Baseline Inspection on HSS.

Procedure

1. Log in to the SecMaster console.
2. Click in the upper left corner of the management console and select a region or project.
3. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
   Figure 1 Workspace management page
   

4. In the navigation pane on the left, choose Risk Prevention > Baseline Inspection.
   Figure 2 Accessing the check result page
   

5. In the Operation column of the target manual check item, click Manual Check.
   Figure 3 Reporting manual check results
   

6. In the displayed dialog box, report the result and click OK. Then, choose Risk Prevention > Baseline Inspection and view the status of each check item.
   

   Report manual check results every 7 days as your feedback is valid only for 7 days.