Updated on 2025-06-26 GMT+08:00

Overview

SecMaster can scan cloud services for risks in key configuration items, report scan results by category, generate alerts for incidents, and provide hardening suggestions and guidelines.

SecMaster can check key cloud service configurations for your workloads on the cloud based on the following preconfigured compliance packs: Cloud Security Compliance Check 1.0, DJCP 2.0 Level 3 Requirements, Network Security, General Data Protection Regulation, OS Configuration Baseline, and Cloud Security Configuration. In addition, you can add custom check items and compliance packs to meet your own needs.

Table 1 SecMaster Built-in Compliance Packs

| Compliance Pack | Description | Applicable Region | Category | Domain |
| --- | --- | --- | --- | --- |
| Cloud Security Compliance Check 1.0 | This compliance pack automates the assessment of your data security posture across four key areas: identity and access management, infrastructure security, data protection, and backup integrity. It helps you efficiently identify data security issues. | Global | Industry standards | Network security |
| DJCP 2.0 Level 3 Requirements | This compliance pack provides check items and guidelines to help you evaluate your data security management. It also suggests improvements based on the level 3 requirements of China's national standard GB/T 22239-2019 information security technology — Baseline for classified protection of cybersecurity. | China | National standards | Network security |
| Network Security | This compliance pack offers automated security checks aligned with international best practices. It enables cloud customers to identify threats and risks across key assets—including cloud servers, web applications, object storage, and data security centers—enhancing overall network security capabilities. | Global | Industry standards | Network security |
| Cloud Security Configuration | This compliance pack automates security configuration checks for IAM, monitoring, compute (container and cloud server), network, storage, and data services against cloud security benchmarks, helping you establish and maintain a secure cloud foundation. | Global | Industry standards | Network security |
| General Data Protection Regulation | The General Data Protection Regulation (GDPR) is a comprehensive data privacy law established by the European Union to safeguard individuals' personal data and ensure its secure processing. It mandates that all organizations processing EU citizens' personal data must ensure transparent, lawful, and secure data processing practices. | European Union | Regional laws | Data protection |
| OS Configuration Baseline | This compliance pack checks password complexity policies, common weak passwords, and configurations. It can detect insecure password configurations and risky configurations in key software on servers, and provide rectification suggestions for detected risks, helping you correctly handle risky configurations on servers. | Global | Industry standards | Operating systems (OSs) |

Limitations and Constraints

  • Only the SecMaster professional edition supports the OS Configuration Baseline compliance pack. Before using this pack, you need to enable HSS baseline log access in SecMaster and enable Automatically converts alarms for HSS baseline logs. In the navigation pane of the target workspace, choose Settings > Data Integration. On the displayed page, click next to HSS baseline and the button in the Automatically converts alarms column, and click Save. In the dialog box displayed, click OK. For more operations, see Enabling Log Access.
  • SecMaster does not itself perform checks for the OS Configuration Baseline compliance pack. Instead, it synchronizes the baseline inspection results from HSS so that you can view them in SecMaster.

Baseline Check Methods

  • Automated baseline checks

    By default, SecMaster performs a check every three days. From 00:00 to 06:00, SecMaster checks all assets in the current region under your account based on compliance pack Cloud Security Compliance Check 1.0. The default check plan only allows you to enable or disable automatic baseline checks.

  • Scheduled custom baseline checks

    You can customize the automatic check period, check time, and check scope. For details, see Performing a Scheduled Baseline Check.

  • Immediate baseline checks
    • You can start all compliance packs in use to detect violations against automatic check items.
    • You can start a check plan to detect violations against check items in the compliance pack configured in the check plan.
    • You can select one or more check items and start them at once.
  • Manual baseline checks

    There are some manual check items included in baseline inspection. After you finish a manual check, report the check results to SecMaster. The pass rate is calculated based on results from both manual and automatic checks. For automatic check items, you can manually start specific checks.

    For details about manual checks, see Performing a Manual Baseline Check.

Usage Process

The process of using baseline inspection is as follows.

Table 2 Process

| No. | Operation | Description |
| --- | --- | --- |
| 0 | (Optional) Enabling SecMaster access to HSS baseline logs in Host Security Service | This operation is required only when SecMaster professional edition is in use and the OS Configuration Baseline compliance pack is enabled. For details about how to enable the compliance pack, see Editing, Enabling, Disabling, or Deleting a Compliance Pack. In the navigation pane of the target workspace, choose Settings > Data Integration. On the displayed page, click next to HSS baseline and the button in the Automatically converts alarms column, and click Save. In the dialog box displayed, click OK. For details, see Enabling Log Access. |
| 1 | Conducting a Scheduled Baseline Inspection | SecMaster uses the default check plan to check all assets. Default plan: SecMaster checks your assets under your account in the current region every three days from 00:00 to 06:00. Custom plans: SecMaster performs baseline inspections based on the compliance packs and time you specify in the custom check plans. |
| 2 | Starting an Immediate Baseline Check | The baseline inspection supports periodic and immediate checks. Periodic check: The system automatically executes the default check plan or the check plans you configure. Immediate check: You can add or modify a custom check plan and start the check plan immediately. In this way, you can check whether the servers have certain unsafe configurations in real time. |
| 3 | Viewing Baseline Inspection Results | You can view the baseline inspection results after each manual check or automated check. You can quickly see which assets are affected and the details of the baseline inspection items. |
| 4 | Handling Baseline Inspection Results | You can handle risky items based on the rectification suggestions. |