This topic describes the managed rules that are provided in the BestPracticesForOSS compliance package template.

Rule name Description
oss-bucket-public-read-prohibited If the access control list (ACL) of each Object Storage Service (OSS) bucket denies read access from the Internet, the evaluation result is compliant.
oss-bucket-public-write-prohibited If the ACL of each OSS bucket denies write access from the Internet, the evaluation result is compliant.
oss-bucket-server-side-encryption-enabled If server-side encryption is enabled for each OSS bucket, the evaluation result is compliant.
ss-bucket-referer-limit If the hotlink protection feature is enabled for each OSS bucket, the evaluation result is compliant.
oss-zrs-enabled If zone-redundant storage (ZRS) is enabled for each OSS bucket, the evaluation result is compliant.
oss-bucket-logging-enabled If the log storage feature is enabled for each OSS bucket, the evaluation result is compliant.
oss-bucket-versioning-enabled If the versioning feature is enabled for each OSS bucket, the evaluation result is compliant.