Security Center provides classified protection compliance checks to assess the security of your networks and compute environments. You can use this feature to check whether your system complies with the classified protection regulations, and to manage security risks in a timely manner. This topic describes how to view the report of a classified protection compliance check.

Background information

  • Starting December 1, 2019, Baseline for classified protection of cybersecurity (GB/T 22239-2019 Information security technology) is issued. It is the obligation and responsibility of every enterprise to comply with the classified protection regulations. Alibaba Cloud complies with the classified protection regulations. In addition, Security Center offers the classified protection compliance check feature for you to scan your system and make it comply with the regulations. This feature can reinforce the security of your system.
  • All editions of Security Center support classified protection compliance checks.
  • When you open the Classified Protection Compliance Check Report page, Security Center automatically runs a classified compliance check and generates the latest report.

Procedure

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Application market > Compliance.
  3. Optional:On the top of the Classified Protection Compliance Check Report page, click apply for download in the upper-right corner of the Alibaba Cloud Public Cloud and Other White Papers on Compliance 2.0 message.
    On the Solutions for Classified Protection Compliance 2.0 page, enter and submit your information. After your application is approved, which takes two to four business days, you will receive an email that contains the solutions for classified protection compliance.
    Note The solutions contain:
    • Free guidance from Alibaba Cloud security architect
    • A PowerPoint that describes the solutions
    • Sales license for security services
    • The certificate of Alibaba Cloud classified protection compliance
    • The compliance check report
    • Alibaba Cloud Public Cloud and Other White Papers on Compliance 2.0, which introduce how Alibaba Cloud helps customers build a security compliance system based on classified protection of cybersecurity.
  4. On the Classified Protection Compliance Check Report page, you can view the statistics of the report.The Classified Protection Compliance Check Report page
    You can perform the following operations:
    • View the total number of check items and number of failed check items

      You can view the total number of check items and number of failed check items in the Total number of inspection items and Number of pending non-compliance items sections. You can click the number below Number of pending non-compliance items to view the items that do not comply with the regulations.

    • View best practices for classified protection

      Alibaba Cloud provides the solutions for classified protection compliance 2.0. These solutions allow you to comply with the classified protection regulations 2.0. For more information about solutions for classified protection compliance 2.0, click Click to view.

    • Consult online

      For online consulting service, you can click consulting in the lower-right corner of Consultation. The online consulting service is available from 09:00 to 17:00 on business days.

    • Check host configurations

      You can click Go to the compliance check function for in-depth check to go to the Baseline Check page where you can manege baseline risks detected in your assets. For more information, see View and manage baseline risks.

    • Search for a specific check item

      You can filter check items by status or enter a name to search for a specific check item.

  5. Manage failed check items
    In the Suggestions for improvement column, suggestions are provided for check items that do not comply with the regulations.Suggestions for improvement
    Note Security Center checks whether your system complies with the classified protection regulations from different dimensions, such as access control and log audit. After you manage detected risks, your system can pass the classified protection compliance check.