This compliance package helps you detect and manage potential security, stability, and compliance risks in Alibaba Cloud Model Studio, Platform for AI (PAI), and their core dependencies. These dependencies include ACS, Container Registry (ACR), OSS, NAS, Key Management Service (KMS), Simple Log Service (SLS), and MaxCompute. This topic describes the default rules for generative AI compliance best practices.
| Rule name | Rule description |
| --- | --- |
| Enable the prompt attack security guardrail for input content in Model Studio | Enabling the prompt attack security guardrail for input content in Model Studio is considered compliant. |
| Enable the security guardrail for input content in Model Studio | Enabling the security guardrail for input content in Model Studio and making at least one call within 7 days is considered compliant. |
| Enable the prompt attack security guardrail for output content in Model Studio | Enabling the prompt attack security guardrail for output content in Model Studio is considered compliant. |
| Enable the security guardrail for output content in Model Studio | Enabling the security guardrail for output content in Model Studio and making at least one call within 7 days is considered compliant. |
| Enable the malicious URL security guardrail for output content in Model Studio | Enabling the malicious URL security guardrail for output content in Model Studio is considered compliant. |
| | Setting at least one alert rule for Elastic Algorithm Service (EAS) in CloudMonitor is considered compliant. |
| | Setting at least one alert rule for Deep Learning Containers (DLC) in CloudMonitor is considered compliant. |
| | Using a Security Center edition higher than the Basic Edition, or activating the pay-as-you-go edition, is considered compliant. |
| | An ACK cluster is considered compliant if it does not have a public endpoint configured, or if the listener of the associated SLB has an access control list (ACL) enabled. |
| Install the CloudMonitor agent on running nodes of an ACK cluster | An ACK cluster is considered compliant if the CloudMonitor agent is installed on all running nodes and the monitoring status is Normal. |
| | Installing the internal container operation auditing component on an ACK cluster is considered compliant. This component helps you audit the commands that members of your organization or applications execute after they access a container. |
| | Enabling the API Server auditing feature for an ACK cluster is considered compliant. This feature helps cluster administrators record or trace the daily operations of different users. |
| | Using a regional ACK cluster with nodes distributed across three or more zones is considered compliant. |
| | Enabling the RRSA feature for an ACK cluster is considered compliant. RRSA provides pod-level OpenAPI permission isolation within the cluster, which allows fine-grained isolation of cloud resource access permissions and reduces security risks. |
| | Configuring encryption at rest for Secrets in an ACK cluster is considered compliant. This rule is not applicable to ACK basic clusters. |
| Enable and configure a container security policy for ACK clusters | Enabling and configuring a container security policy for an ACK cluster is considered compliant. |
| Enable log collection for control plane components in ACK clusters | Enabling log collection for control plane components in an ACK managed cluster is considered compliant. This rule is not applicable to non-managed clusters. |
| Container Registry instances do not have public network access enabled | A Container Registry instance is considered compliant if public network access is not enabled. This rule applies to Enterprise Edition instances. |
| Container Registry instances are associated with zone-redundant OSS buckets | A Container Registry instance associated with a zone-redundant OSS bucket is considered compliant. |
| | Setting image versions in Container Registry to immutable is considered compliant. |
| | An ECS data disk with encryption enabled is considered compliant. |
| | An ECS disk with an automatic snapshot policy configured is considered compliant. This rule is not applicable to disks that are not in use, disks that do not support automatic snapshot policies, or disks mounted to ACK clusters for non-persistent use. After you enable an automatic snapshot policy, Alibaba Cloud automatically creates snapshots of the disk at the specified points in time and intervals, which lets you recover quickly from security events such as virus intrusions or ransomware attacks. |
| Enable automatic rotation for master keys in Key Management Service | Enabling automatic rotation for a customer master key (CMK) in Key Management Service (KMS) is considered compliant. This rule is not applicable to service keys or keys that you import using Bring Your Own Key (BYOK). |
| | Enabling deletion protection for a KMS master key is considered compliant. This rule does not apply to disabled keys or service keys, because service keys cannot be deleted. |
| Enable automatic rotation for credentials in Key Management Service | Enabling automatic rotation for credentials in Key Management Service is considered compliant. This rule is not applicable to generic secrets. |
| Use a zone-disaster recovery architecture for MaxCompute projects | Using a zone-disaster recovery architecture for a MaxCompute project is considered compliant. |
| | Enabling encryption for a MaxCompute project is considered compliant. This rule is not applicable to frozen projects. |
| | Enabling an IP whitelist for a MaxCompute project is considered compliant. |
| The permission group used by a NAS file system is not open to all sources | A NAS file system is considered compliant if its permission group does not allow access from all sources. This rule does not apply if the file system has no mount targets or if the associated permission group has no rules. |
| | Creating a backup plan for a NAS file system is considered compliant. |
| | Enabling a RAM policy for a NAS file storage access point is considered compliant. |
| | Configuring encryption for a NAS file system is considered compliant. |
| Do not grant public-read-write permissions to OSS buckets using ACLs | An OSS bucket is considered compliant if its access control list (ACL) does not grant public-read-write permissions. If an OSS bucket has public-read-write permissions, any visitor can write data to it, which exposes the bucket to the risk of malicious data injection. |
| | Enabling zone-redundant storage for an OSS bucket is considered compliant. If zone-redundant storage is not enabled, OSS cannot ensure availability and durability when a data center becomes unavailable, which can affect your data restoration objectives. |
| | Enabling server-side KMS encryption for an OSS bucket is considered compliant. |
| | An OSS bucket is considered compliant if TLS is enabled and the TLS version used is one of the versions specified in the rule parameters. The default TLS versions are TLS 1.2 and TLS 1.3. |
| | Enabling cross-region replication for an OSS bucket is considered compliant. This rule depends on the detection results from Backup Disaster Recovery (BDRC). If BDRC is not activated or no detection results are available, this rule is not applicable. |
| Configure secure access in the permission policy of an OSS bucket | An OSS bucket is considered compliant if its permission policy specifies that read and write operations must use HTTPS, or that access over HTTP is denied. This rule is not applicable to OSS buckets with an empty permission policy. |
| Distribute PAI Elastic Algorithm Service instances across multiple zones | Distributing PAI Elastic Algorithm Service (EAS) instances across multiple zones is considered compliant. |
| Enable computing power health checks for PAI distributed training | Enabling computing power health checks for PAI Deep Learning Containers (DLC) is considered compliant. This rule is not applicable when no training tasks are running. |
| Enable AIMaster-based fault tolerance monitoring for PAI distributed training | Enabling AIMaster-based fault tolerance monitoring for PAI Deep Learning Containers (DLC) is considered compliant. This rule is not applicable when no training tasks are running. |
| | Configuring multiple zones for an endpoint service is considered compliant. |
| | Configuring data encryption for a Simple Log Service Logstore is considered compliant. |
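The "Configure secure access in the permission policy of an OSS bucket" rule above is the one rule in this package whose condition is expressed as a policy document rather than a switch. The following added example (not part of this topic and not Alibaba Cloud's own rule implementation) evaluates a bucket policy JSON the way that rule is described: compliant if a Deny statement covering all actions fires when transport is insecure, or if every Allow statement is restricted to secure transport; an empty policy is reported as not applicable. It assumes `acs:SecureTransport` as the bucket-policy condition key for TLS transport; the sample policies, bucket name and principal ID are constructed for illustration.

```python
import json

# Constructed sample bucket policies (not from the page). The principal ID and
# bucket name are placeholders. acs:SecureTransport is assumed to be the OSS
# bucket-policy condition key that is "true" only for HTTPS requests.
PRINCIPAL = "200000000000000000"  # placeholder RAM user ID
BUCKET = "example-bucket"

# Pattern 1: explicit Deny of every action when the request is not over TLS.
POLICY_DENY_HTTP = json.dumps({
    "Version": "1",
    "Statement": [
        {"Effect": "Allow", "Principal": [PRINCIPAL],
         "Action": ["oss:GetObject", "oss:PutObject"],
         "Resource": [f"acs:oss:*:*:{BUCKET}/*"]},
        {"Effect": "Deny", "Principal": ["*"], "Action": ["oss:*"],
         "Resource": [f"acs:oss:*:*:{BUCKET}", f"acs:oss:*:*:{BUCKET}/*"],
         "Condition": {"Bool": {"acs:SecureTransport": ["false"]}}},
    ],
})

# Pattern 2: every Allow statement is conditioned on TLS, so HTTP never matches.
POLICY_HTTPS_ONLY_ALLOW = json.dumps({
    "Version": "1",
    "Statement": [
        {"Effect": "Allow", "Principal": [PRINCIPAL],
         "Action": ["oss:GetObject", "oss:PutObject"],
         "Resource": [f"acs:oss:*:*:{BUCKET}/*"],
         "Condition": {"Bool": {"acs:SecureTransport": ["true"]}}},
    ],
})

# Non-compliant: an Allow with no transport condition, and a Deny that only
# covers reads, so writes over plain HTTP are still possible.
POLICY_PARTIAL = json.dumps({
    "Version": "1",
    "Statement": [
        {"Effect": "Allow", "Principal": [PRINCIPAL],
         "Action": ["oss:GetObject", "oss:PutObject"],
         "Resource": [f"acs:oss:*:*:{BUCKET}/*"]},
        {"Effect": "Deny", "Principal": ["*"], "Action": ["oss:GetObject"],
         "Resource": [f"acs:oss:*:*:{BUCKET}/*"],
         "Condition": {"Bool": {"acs:SecureTransport": ["false"]}}},
    ],
})


def _as_list(value):
    """Policy fields may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _secure_transport(stmt):
    """Return 'true' / 'false' from the statement's acs:SecureTransport
    Bool condition, or None when the statement carries no such condition."""
    cond = stmt.get("Condition", {}).get("Bool", {})
    values = _as_list(cond.get("acs:SecureTransport"))
    return str(values[0]).lower() if values else None


def _covers_all_actions(stmt):
    """True when the statement applies to every OSS action."""
    return any(a in ("oss:*", "*") for a in _as_list(stmt.get("Action")))


def evaluate_secure_access(policy_json):
    """Evaluate a bucket policy against the secure-access rule.

    Returns "NOT_APPLICABLE" for an empty policy, "COMPLIANT" when HTTP is
    denied for all actions or all Allow statements require TLS, else
    "NON_COMPLIANT".
    """
    if not policy_json or not policy_json.strip():
        return "NOT_APPLICABLE"
    statements = _as_list(json.loads(policy_json).get("Statement"))
    if not statements:
        return "NOT_APPLICABLE"

    denies_http = any(
        s.get("Effect") == "Deny"
        and _secure_transport(s) == "false"
        and _covers_all_actions(s)
        for s in statements
    )
    allows = [s for s in statements if s.get("Effect") == "Allow"]
    allows_https_only = bool(allows) and all(
        _secure_transport(s) == "true" for s in allows
    )
    return "COMPLIANT" if (denies_http or allows_https_only) else "NON_COMPLIANT"


if __name__ == "__main__":
    for name, policy in [("deny-http", POLICY_DENY_HTTP),
                         ("https-only-allow", POLICY_HTTPS_ONLY_ALLOW),
                         ("partial", POLICY_PARTIAL),
                         ("empty", "")]:
        print(f"{name}: {evaluate_secure_access(policy)}")
```

The partial policy is the case worth noticing: a Deny that is conditioned on insecure transport but scoped to a single action leaves the remaining actions reachable over HTTP, so the checker insists that the Deny cover all actions before it counts, mirroring the rule's wording that both read and write operations must be protected.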