Help Center/ SecMaster/ User Guide/ Security Governance/ Security Governance Overview
Updated on 2025-08-11 GMT+08:00

Security Governance Overview

What Is Security Governance?

Security Governance in SecMaster can help you quickly assess how well your workloads comply with some security standards and practices. Based on Huawei Cloud Service Cybersecurity & Compliance Standard (3CS), it offers security governance templates to help you comply with PCI DSS, ISO 27701, ISO 27001, and more. It automatically checks your services against preset compliance policies and displays compliance status in an intuitive way. You can download check reports to check details.

Before using security governance in SecMaster, you need to submit a service ticket to enable the service.

Application Scenarios

Security Governance in SecMaster can help you easily assess how well your cloud workloads comply with applicable security standards, regulations, and laws. You will quickly find the gap, rectify issues, and get related certification faster. SecMaster provides security governance templates and compliance policy scanning services. The standard clauses in security compliance packs have been converted into check items. If you subscribe to a compliance pack, SecMaster can automatically check your workload compliance with check items in the pack and generate a report for you.

Features

Security Governance provides you with security governance templates and checks your services based on regulation terms in the compliance packs.

  • Compliance Pack

    Huawei's security governance templates include detailed terms, scan policies, compliance evaluation items, and improvement suggestions from Huawei experts, covering PCI DSS, ISO27701, ISO27001, privacy protection, and other standards. You can subscribe to and unsubscribe from compliance packs and view results.

  • Policy Check

    The compliance status of cloud assets is checked periodically through code-based scanning. You can view compliance risks on the dashboard, and obtain corresponding improvement suggestions from our experts.

  • Compliance Evaluation

    Security Governance integrates regulatory clauses and standard requirements into compliance pack check items. You complete evaluation of your services using the compliance pack, and view evaluation results. You can also view historical results, upload and download evidence, and take actions based on suggestions from our experts.

  • Result Display

    Security Governance displays the evaluation results and compliance status on the dashboard, including the compliance rates of the compliance packs you subscribed to, and the compliance rate of each term the regulations and standards, each security, as well as the policy check results.

Advantages

  • Compliance as a Service

    Security Governance provides the unified Cloud Service Cybersecurity & Compliance Standard (3CS). It integrates regulatory clauses and standard requirements into your business and information technologies by providing various 3CS-based security governance templates.

  • Improved Efficiency

    Security Governance opens security governance templates for you to be compliant with PCI DSS, ISO 27701, and ISO 27001, providing compliance policies and evaluation items. With your authorization, Security Governance automatically scans your cloud assets against compliance policies, and the service evaluation items help you quickly manage the compliance status. You can download compliance reports in few clicks.

  • Intuitive Display

    Security Governance presents both the overall compliance information and requirement-specific compliance status on the dashboard. You can easily identify potential problems and take actions based on expert suggestions.

Process of Using SecMaster

Table 1 shows the process of using SecMaster security governance.

Figure 1 Process of using the security governance function
Table 1 Process description

Step

Description

Authorizing SecMaster to Access Cloud Service Resources

Before using security governance, you need to authorize SecMaster to access your cloud service resources. After that, you can check cloud assets on security compliance through policy scanning.

Subscribing to or Unsubscribing from a Compliance Pack

SecMaster provides different security compliance packs. You can subscribe to the one that best fits your needs.

Starting a Self-Assessment

You can execute check items in the compliance pack you subscribe to and evaluate your service compliance.

Viewing the result

After policy scanning or self-assessment, you can view the security governance status.

Downloading a Compliance Report

Security Governance provides security compliance reports. You can download the reports to learn of how well your services comply with mainstream security standards.