If you can access the custom domain name that is bound to a function in Function Compute over the Internet, and the function uses the specified version of the transport layer security (TLS) protocol, the evaluation result is Compliant.

Scenarios

To enhance data security, you can specify a version of the TLS protocol for functions in Function Compute.

Risk level

Default risk level: medium.

When you apply this rule, you can change the risk level based on your business requirements.

Compliance evaluation logic

  • If you can access the custom domain name that is bound to a function in Function Compute over the Internet, and the function uses the specified version of the TLS protocol, the evaluation result is Compliant.
  • If the function in Function Compute is not bound to a custom domain name, the evaluation result is Non-compliant. If you can access the custom domain name that is bound to the function in Function Compute over the Internet, but the function does not use the specified TLS protocol version, the evaluation result is Non-compliant. For more information about how to remediate a non-compliant configuration, see Non-compliance remediation.

Rule details

ItemDescription
Rule namefc-function-custom-domain-and-tls-enable
Rule identifierfc-function-custom-domain-and-tls-enable
TagFC and Log
Automatic remediationNot supported
Trigger typePeriodic execution
Evaluation frequencyEvery 24 hours
Supported resource typeFunction Compute services
Input parameterminVersion (Default value: TLSv1.2)

Non-compliance remediation

Make sure that you can access the custom domain name that is bound to a function in Function Compute over the Internet, and that the function uses the specified TLS protocol version. For more information, see Configure a custom domain name.