检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
To improve data transmission security, enable SSL to encrypt communication.
Solution When creating a GES graph, use KMS to encrypt the graph instance. For details, see Creating a Graph Without Using a Template. Rule Logic If a GES graph is not encrypted using KMS, this graph is noncompliant.
CTS Trackers Have Traces Encrypted Rule Details Table 1 Rule details Parameter Description Rule Name cts-kms-encrypted-check Identifier cts-kms-encrypted-check Description If a CTS tracker does not have trace encryption enabled, this tracker is noncompliant. Tag cts Trigger Type Configuration
Solution Encrypt your EVS disks. For details, see Managing Encrypted EVS Disks Rule Logic If an EVS disk is not attached, this disk is compliant. If an EVS disk is attached and encrypted, this disk is compliant.
To improve data transmission security, enable SSL to encrypt communication. Solution Establishing Secure TCP/IP Connections in SSL Mode. Rule Logic If SSL encryption is not enabled for a GaussDB(DWS) cluster, this cluster is non-compliant.
Cryptographic techniques should be used to ensure the integrity of important data storage, including but not limited to authentication data, service data, audit data, configuration data, video data, and personal information. volumes-encrypted-check Encrypt mounted cloud disks to protect
This compromises data security, and public access cannot be enabled. 2.3 Encrypt all non-console administrative access using strong cryptography. dws-enable-ssl Enable SSL for DWS clusters to protect data. 2.3 Encrypt all non-console administrative access using strong cryptography
Solution Encrypt your EVS disks. For details, see Managing Encrypted EVS Disks Rule Logic If an EVS disk is encrypted, this disk is compliant. If an EVS disk is not encrypted, this disk is non-compliant. Parent topic: Elastic Volume Service
Set the protocol of your network load balancer listeners to TLS to encrypt data and prevent unauthorized access. Set the protocol of your application load balancer listeners to HTTPS to encrypt data and prevent unauthorized access.
To improve data transmission security, enable SSL to encrypt communication. Solution Configure SSL connection to the database based on your development mode. You can refer to Connecting to a Database in SSL Mode.
To improve data transmission security, enable SSL to encrypt communication. For details, see Security Best Practices. Solution Refer to Configuring SSL for a DB Instance to set SSL configurations.
You cannot manually encrypt or decrypt backups. For how to create a disk backup, see Creating a Disk Backup. Backup encryption can control internal personnel's access to data, reducing the risk of internal leakage. Solution Ensure that the EVS disk to be backed up is encrypted.
Encrypt the AK/SK and store them into the configuration file or environment variables. // In this example, the AK and SK are stored in environment variables. Before running this example, set environment variables HUAWEICLOUD_SDK_AK and HUAWEICLOUD_SDK_SK.
To improve data transmission security, enable SSL tp encrypt communication. For details, see Security Best Practices. Solution Refer to Enabling or Disabling SSL to set SSL configurations. When you enable or disable SSL, DDS will restart once.
For details, see Using KMS to Encrypt GaussDB(DWS) Clusters. Solution Encryption is an optional and immutable setting that can be configured during cluster creation.
Encrypt the AK/SK and store them into the configuration file or environment variables. // In this example, the AK and SK are stored in environment variables. Before running this example, set environment variables HUAWEICLOUD_SDK_AK and HUAWEICLOUD_SDK_SK.
Rule Logic If Verify Trace File, Encrypt Trace File, and Transfer to LTS are all enabled for a CTS tracker, this tracker is considered to comply with security best practices.
