检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
css-cluster-no-public-zone css If a CSS cluster can be accessed over a public network, this cluster is noncompliant. css-cluster-security-mode-enable css If a CSS cluster does not support the security mode, this cluster is noncompliant. cts-kms-encrypted-check cts If a CTS tracker is not encrypted
Rule Logic If a GES graph is not encrypted using KMS, this graph is noncompliant. If a GES graph is encrypted using KMS, this graph is noncompliant. Parent topic: Graph Engine Service
C.CS.FOUNDATION.G_7_3.R_6 Enabling SSL encrypted transmission dws-enable-ssl dws If SSL is not enabled for a DWS cluster, this cluster is noncompliant.
CTS Trackers Have Traces Encrypted Rule Details Table 1 Rule details Parameter Description Rule Name cts-kms-encrypted-check Identifier cts-kms-encrypted-check Description If a CTS tracker does not have trace encryption enabled, this tracker is noncompliant.
C.CS.FOUNDATION.G_5_2.R_1 Ensuring that EVS encryption is enabled volumes-encrypted-check ecs, evs If a mounted EVS disk is not encrypted, this disk is noncompliant.
EVS Disks Are Encrypted Rule Details Table 1 Rule details Parameter Description Rule Name volumes-encrypted-check Identifier volumes-encrypted-check Description If a mounted EVS disk is not encrypted, this disk is noncompliant.
Table 1 Conformance package description Rule Cloud Service Description cts-kms-encrypted-check cts If a CTS tracker is not encrypted using KMS, this tracker is noncompliant. cts-lts-enable cts If Transfer to LTS is not enabled for a CTS tracker, this tracker is noncompliant. cts-support-validate-check
an ECS has multiple EIPs attached, this ECS is noncompliant. stopped-ecs-date-diff ecs If an ECS has been stopped for longer than the time allowed, and no operations have been performed on it, this ECS is noncompliant. volumes-encrypted-check ecs, evs If a mounted EVS disk is not encrypted
alarm-obs-bucket-policy-change ces, obs If there are no alarm rules configured for OBS bucket policy changes, this rule is noncompliant. alarm-vpc-change ces, vpc If there are no alarm rules configured for VPC changes, the current account is noncompliant. cts-kms-encrypted-check cts If a CTS tracker is not encrypted
Disk Encryption Are Enabled Rule Details Table 1 Rule details Parameter Description Rule Name volumes-encrypted-check-by-default Identifier volumes-encrypted-check-by-default Description If an EVS disk is not encrypted, this disk is noncompliant.
If an OBS bucket allows requests that are not encrypted with SSL, this bucket is noncompliant. Whether an OBS bucket policy allows requests that are not encrypted with SSL is determined through the SecureTransport or g:SecureTransport parameter.
is noncompliant. css-cluster-https-required css If HTTPS is not enabled for a CSS cluster, this cluster is noncompliant. css-cluster-in-vpc css If a CSS cluster is not in any of the specified VPCs, this cluster is noncompliant. cts-kms-encrypted-check cts If a CTS tracker is not encrypted
Backup Encryption Check Rule Details Table 1 Rule details Parameter Description Rule Name cbr-backup-encrypted-check Identifier cbr-backup-encrypted-check Description If a CBR backup is not encrypted, this backup is noncompliant.
account is noncompliant. css-cluster-https-required css If HTTPS is not enabled for a CSS cluster, this cluster is noncompliant. css-cluster-in-vpc css If a CSS cluster is not in the specified VPCs, this cluster is noncompliant. cts-kms-encrypted-check cts If a CTS tracker is not encrypted
Backups are encrypted, especially if they are going to be moved between locations. 4. The ability to regularly restore data from the backups is tested.
If you need to use an encrypted bucket, you can add required KMS Administrator permissions to the agency or use custom authorization. For details, see Storing Resource Change Notifications and Resource Snapshots to an Encrypted OBS Bucket.
Table 1 Conformance package description Rule Cloud Service Description cbr-backup-encrypted-check cbr If a CBR backup is not encrypted, this backup is noncompliant. css-cluster-disk-encryption-check css If disk encryption is not enabled for a CSS cluster, this cluster is noncompliant
Cloud Trace Service CTS Trackers Have Traces Encrypted CTS Trackers Have Trace Transfer to LTS Enabled CTS Trackers Have Been Created for the Specified OBS Bucket Trace File Verification Is Enabled At Least One Tracker Is Enabled There Are CTS Trackers In the Specified Regions CTS
Graph Engine Service GES Graphs Are Encrypted Using KMS GES Graphs Have LTS Enabled GES Graphs Support Cross-AZ HA Parent topic: Built-In Policies
Elastic Volume Service EVS Disk Type Check Disks Are Used Within the Specified Time Idle EVS Disk Check EVS Disks Are Encrypted Disk Encryption Are Enabled EVS Disks Have Backup Vaults Attached EVS Backup Time Check Parent topic: Built-In Policies
