Updated on 2025-08-08 GMT+08:00

What Is the Difference Between a Baseline and a Vulnerability?

Baseline Inspection

A baseline is a critical cloud security configuration that defines the minimum security requirements for system and service management. It establishes standardized settings across service, application, OS, and component configurations. SecMaster provides baseline inspection. This feature can scan cloud services for risks in key configuration items, report scan results by category, generate alerts for incidents, and provide hardening suggestions and guidelines.

  • For more details about baseline inspection, see Overview.
  • The following table lists the compliance packs built in SecMaster.
Table 1 SecMaster Built-in Compliance Packs

| Compliance Pack | Description | Applicable Region | Category | Domain |
| --- | --- | --- | --- | --- |
| Cloud Security Compliance Check 1.0 | This compliance pack automates the assessment of your data security posture across four key areas: identity and access management, infrastructure security, data protection, and backup integrity. It helps you efficiently identify data security issues. | Global | Industry standards | Network security |
| DJCP 2.0 Level 3 Requirements | This compliance pack provides check items and guidelines to help you evaluate your data security management. It also suggests improvements based on the level 3 requirements of China's national standard GB/T 22239-2019 information security technology — Baseline for classified protection of cybersecurity. | China | National standards | Network security |
| Network Security | This compliance pack offers automated security checks aligned with international best practices. It enables cloud customers to identify threats and risks across key assets—including cloud servers, web applications, object storage, and data security centers—enhancing overall network security capabilities. | Global | Industry standards | Network security |
| Huawei Cloud Security Configuration | This compliance pack automates security configuration checks for IAM, monitoring, compute (container and cloud server), network, storage, and data services against cloud security benchmarks, helping you establish and maintain a secure cloud foundation. | Global | Industry standards | Network security |
| GDPR | The General Data Protection Regulation (GDPR) is a comprehensive data privacy law established by the European Union to safeguard individuals' personal data and ensure its secure processing. It mandates that all organizations processing EU citizens' personal data must ensure transparent, lawful, and secure data processing practices. | European Union | Regional laws | Data protection |
| OS Configuration Baseline | This compliance pack checks password complexity policies, common weak passwords, and configurations. It can detect insecure password configurations and risky configurations in key software on servers, and provide rectification suggestions for detected risks, helping you correctly handle risky configurations on servers. | Global | Industry standards | Operating systems (OSs) |
| Common Weak Password Detection | This check compares passwords used by accounts with common weak passwords defined in a library and reminds users to change detected weak passwords. | Global | Industry standards | Operating systems (OSs) |
| Password Complexity Policy Detection | A password complexity policy specifies the rules that user passwords must comply with to improve password security and defend against brute-force attacks. This feature checks the password complexity policies in Linux and provides suggestions to help improve password security. | Global | Industry standards | Operating systems (OSs) |
| PCI-DSS | The Payment Card Industry Data Security Standard (PCI DSS) is a global security standard jointly formulated by five major payment card brands (Visa, Mastercard, American Express, Discover, and JCB) to protect payment card data and prevent data leaks and fraud. | Global | Industry standards | Data security |
| NIST SP 800-53 | NIST SP 800-53 provides a comprehensive security control framework for organizations to identify, assess, and manage information security risks. | Global | Industry standards | Data security |

Vulnerabilities

A vulnerability is a defect or weakness in operating systems, security policies, or software. Attackers may exploit these defects or weaknesses to damage systems, steal data, interrupt services, or cause other security problems. SecMaster can integrate vulnerability scan results from Host Security Service (HSS) and vulnerability data you import into SecMaster, so that you can quickly locate vulnerable assets and fix vulnerabilities. For more details, see Vulnerability Management Overview.