检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
OBS Buckets Use Server-side Encryption with KMS-Managed Keys Rule Details Table 1 Rule details Parameter Description Rule Name obs-bucket-default-encryption-kms Identifier obs-bucket-default-encryption-kms Description If an OBS bucket does not use server-side encryption with a KMS-managed
Solution Refer to the following steps to enable SSL encryption: Encrypting Data over SSL for a GeminiDB Redis Instance Encrypting Data over SSL for a GeminiDB Cassandra Instance Encrypting Data over SSL for a GeminiDB Influx Instance Encrypting Data over SSL for a GeminiDB Mongo Instance
SSL Encryption Is Enabled for DWS Clusters Rule Details Table 1 Rule details Parameter Description Rule Name dws-enable-ssl Identifier SSL Encryption Is Enabled for DWS Clusters Description If SSL encryption is not enabled for a GaussDB(DWS) cluster, this cluster is non-compliant.
OBS Buckets Have Server-side Encryption Enabled Rule Details Table 1 Rule details Parameter Description Rule Name obs-bucket-server-side-encryption-enabled Identifier obs-bucket-server-side-encryption-enabled Description If an OBS bucket does not require server-side encryption, this
Disk Encryption Is Enabled for CSS Clusters Rule Details Table 1 Rule details Parameter Description Rule Name css-cluster-disk-encryption-check Identifier css-cluster-disk-encryption-check Description If disk encryption is not enabled for a CSS cluster, this cluster is noncompliant
KMS Encryption Is Enabled for MRS Clusters Rule Details Table 1 Rule details Parameter Description Rule Name mrs-cluster-encrypt-enable Identifier KMS Encryption Is Enabled for MRS Clusters Description If KMS encryption is not enabled for an MRS cluster, this cluster is non-compliant
Disk Encryption Are Enabled Rule Details Table 1 Rule details Parameter Description Rule Name volumes-encrypted-check-by-default Identifier volumes-encrypted-check-by-default Description If an EVS disk is not encrypted, this disk is non-compliant. Tag evs Trigger Type Configuration
SFS Turbo File Systems Have KMS Encryption Enabled Rule Details Table 1 Rule details Parameter Description Rule Name sfsturbo-encrypted-check Identifier SFS Turbo File Systems Have KMS Encryption Enabled Description If KMS encryption is not enabled for an SFS Turbo file system, this
GeminiDB Instances Have Disk Encryption Enabled Rule Details Table 1 Rule details Parameter Description Name gaussdb-nosql-enable-disk-encryption Identifier gaussdb-nosql-enable-disk-encryption Description If a GeminiDB instance does not have disk encryption enabled, this instance
Backup Encryption Check Rule Details Table 1 Rule details Parameter Description Rule Name cbr-backup-encrypted-check Identifier cbr-backup-encrypted-check Description If a CBR backup is not encrypted, this backup is non-compliant. Tag cbr Trigger Type Configuration change Filter Type
RDS Instances Use KMS Encryption Rule Details Table 1 Rule details Parameter Description Rule Name rds-instances-enable-kms Identifier RDS Instances Use KMS Encryption Description If KMS encryption is not enabled for an RDS instance, this instance is non-compliant. Tag rds Trigger
Data Transmission Encryption Is Enabled Rule Details Table 1 Rule details Parameter Description Rule Name gaussdb-instance-ssl-enable Identifier gaussdb-instance-ssl-enable Description If a GaussDB instance does not have SSL enabled, this instance is non-compliant. Tag gaussdb Trigger
Data Transmission Encryption Is Enabled Rule Details Table 1 Rule details Parameter Description Rule Name gaussdb-mysql-instance-ssl-enable Identifier gaussdb-mysql-instance-ssl-enable Description If a TaurusDB instance does not have SSL enabled, this instance is non-compliant. Tag
KMS Encryption Check Rule Details Table 1 Rule details Parameter Description Rule Name dws-enable-kms Identifier KMS Encryption Check Description If KMS encryption is not enabled for a GaussDB(DWS) cluster, this cluster is non-compliant. Tag dws Trigger Type Configuration change Filter
This compromises data security, and public access cannot be enabled. 6_SECURE DEVICES: ENCRYPTION Protect data by encrypting it. SMEs should ensure the data stored on mobile devices such as laptops, smartphones, and tables are encrypted.
Project Parameter Encryption Check Rule Details Table 1 Rule details Parameter Description Rule Name cloudbuildserver-encryption-parameter-check Identifier Project Parameter Encryption Check Description If encryption is not enabled for custom parameters in a CodeArts project, this
Data Encryption Workshop Key Status Check Key Rotation Has Been Enabled CSMS Secretes Are Rotated CSMS Secrets Have Enabled Automatic Rotation CSMS Secrets Must Use the Specified KMS Keys CSMS Secrets Have Been Rotated Within the Specified Period Parent topic: Built-In Policies
Best Practices for Data Transmission Encryption The following table lists the rules and solutions included in this conformance package template. Table 1 Conformance package description Rule Cloud Service Description apig-instances-ssl-enabled apig If no SSL certificates are attached
Best Practices for Static Data Encryption The following table lists the rules and solutions included in this conformance package template. Table 1 Conformance package description Rule Cloud Service Description cbr-backup-encrypted-check cbr If a CBR backup is not encrypted, this backup
For details, see Encrypting Images. Solution Create an encrypted image from an external image file or an encrypted ECS. Rule Logic If a private image does not have encryption enabled, this image is non-compliant.
