Alibaba Cloud service | Managed rule | OOS template ID for automatic remediation | Precheck supported |
Alibaba Cloud CDN (CDN) | cdn-domain-https-enabled | None | No |
cdn-domain-enabled-cache | None | No |
cdn-domain-oss-source-check | None | No |
cdn-domain-tls13-enabled | None | No |
ActionTrail | actiontrail-enabled | None | No |
actiontrail-trail-intact-enabled | None | No |
Elastic Compute Service (ECS) | ecs-disk-encrypted | None | Yes |
ecs-instance-expired-check | None | No |
ecs-instances-in-vpc | None | No |
ecs-cpu-min-count-limit | None | No |
ecs-desired-instance-type | None | No |
ecs-gpu-min-count-limit | None | No |
ecs-memory-min-size-limit | None | Yes |
ecs-disk-in-use | None | No |
ecs-instance-no-public-ip | None | Yes |
eip-attached | None | No |
ecs-instance-imageId-check | None | Yes |
ecs-instance-attached-security-group | None | Yes |
ecs-instance-deletion-protection-enabled | ACS-ECS-BulkyEnableDeletionProtection | Yes |
ecs-command-exclude-sensitive-content | None | No |
ecs-instance-status-no-stopped | None | No |
sg-public-access-check | None | Yes |
sg-risky-ports-check | None | Yes |
ecs-instance-no-lock | None | No |
ess-group-health-check | None | No |
ecs-disk-auto-snapshot-policy | None | Yes |
ecs-disk-no-lock | None | No |
ecs-disk-retain-auto-snapshot | None | Yes |
ecs-snapshot-retention-days | None | No |
ecs-instance-chargetype-check | None | Yes |
ecs-security-group-not-used | None | No |
ecs-instance-login-use-keypair | None | Yes |
ecs-internet-charge-type-check | None | No |
ecs-internetmaxbandwidth-check | None | No |
ecs-instance-running-process-check | None | No |
ecs-instance-installed-software-check | None | No |
ecs-available-disk-encrypted | None | No |
ecs-in-use-disk-encrypted | None | No |
ecs-instance-image-type-check | None | No |
ecs-system-disk-encrypted | None | No |
ecs-instance-auto-renewal-enabled | None | No |
ecs-system-disk-size-check | None | No |
ecs-instance-enabled-security-protection | None | No |
ecs-security-group-description-check | None | Yes |
ecs-instance-updated-security-vul | None | No |
ecs-instance-monitor-enabled | None | No |
ecs-instance-meta-data-mode-check | None | No |
ecs-security-group-not-open-all-port | None | Yes |
ecs-security-group-not-open-all-protocol | None | Yes |
ecs-security-group-not-internet-cidr-access | None | Yes |
ecs-security-group-white-list-port-check | None | Yes |
sg-risky-ports-check | None | No |
ecs-running-instances-in-vpc | ACS-ECS-BulkyStopClassicInstances | No |
ecs-running-instance-no-public-ip | ACS-ECS-BulkyStopInstancesWithPublicIp | No |
resources-inherit-tags-from-ecs-instance | None | No |
ecs-instance-running-process-disabled | None | No |
ecs-instance-post-paid-stopped-mode-check | None | No |
ecs-instance-enable-security-center-anti-rule | None | No |
ecs-instance-os-name-check | None | Yes |
ecs-snapshot-policy-timepoints-check | None | No |
ecs-launch-template-version-attach-security-group | None | No |
ecs-launch-template-version-data-disk-encrypted | None | No |
ecs-launch-template-version-system-disk-encrypted | None | No |
ecs-disk-all-encrypted-by-kms | None | No |
ecs-disk-idle-check | None | No |
ecs-instance-image-expired-check | None | No |
ecs-instance-not-bind-key-pair | None | No |
ecs-instance-ram-role-attached | None | No |
ecs-instance-type-family-not-deprecated | None | No |
ecs-instance-use-specified-owner-image | None | No |
ecs-security-group-type-not-normal | None | No |
privatelink-service-endpoint-multi-zone | None | No |
ecs-launch-template-version-image-type-check | None | No |
ecs-cpu-max-utilization-check | None | No |
resources-inherit-resourcegroup-from-ecs-disk | ACS-Config-ResourceManager-BulkyMoveResources | No |
resources-inherit-tags-from-ecs-disk | ACS-TAG-TagResourcesIgnoreCaseSensitive | No |
resources-inherit-resourcegroup-from-ecs-networkinterface | ACS-Config-ResourceManager-BulkyMoveResources | No |
Dedicated Host (DDH) | ddh-cpu-min-count-limit | None | No |
ddh-memory-min-size-limit | None | No |
ddh-socket-min-count-limit | None | No |
Elastic IP Address (EIP) | eip-bandwidth-limit | None | No |
eip-address-expired-check | None | No |
ess-scaling-configuration-enabled-internet-check | None | No |
ess-scaling-group-attach-slb | None | No |
ess-scaling-group-attach-multi-switch | None | No |
eip-idle-check | None | No |
eip-delete-protection-enabled | None | No |
ApsaraDB RDS | rds-min-maxiops-limit | None | No |
rds-desired-instance-type | None | No |
rds-instances-in-vpc | None | No |
rds-memory-min-size-limit | None | Yes |
rds-cpu-min-count-limit | None | No |
rds-instance-storage-min-size-limit | None | No |
rds-high-availability-category | None | No |
rds-multi-az-support | None | No |
rds-public-access-check | ACS-RDS-ReleaseInstancePublicConnection | No |
rds-instance-enabled-ssl | None | No |
rds-instance-enabled-tde | None | No |
rds-instance-enabled-security-ip-list | ACS-RDS-BulkyModifySecurityIpsByInstanceIPArray | Yes |
rds-dbinstance-nettype-intranet-limit | None | No |
rds-connectionmode-safe-enabled | None | No |
rds-instance-enabled-auditing | ACS-RDS-BulkyModifySQLCollectorPolicy | No |
rds-instance-sql-collector-retention | ACS-RDS-BulkyModifySQLCollectorRetention | No |
rds-postgresql-parameter-log-connections | None | No |
rds-postgresql-parameter-log-disconnections | None | No |
rds-postgresql-parameter-log-duration | None | No |
rds-event-log-enabled | ACS-RDS-BulkyModifyActionEventPolicy | No |
rds-instance-expired-check | None | Yes |
rds-instance-enabled-log-backup | None | No |
rds-instance-enabled-disk-encryption | None | No |
rds-instance-enabled-byok-tde | None | No |
rds-instance-delete-protection-enabled | None | No |
rds-account-managed-by-kms | None | No |
rds-instance-maintain-time-check | None | No |
rds-public-and-any-ip-access-check | None | No |
rds-instance-class-type-check | None | No |
rds-instance-monitored-second-level | None | No |
rds-instance-category-check | None | No |
rds-instance-enabled-safety-security-ip | ACS-RDS-BulkyMigrateSecurityIPMode | No |
rds-instance-has-guard-instance | None | No |
rds-instance-sync-mode-check | None | No |
rds-instance-tls-version-check | None | No |
rds-public-connection-and-any-ip-access-check | None | No |
ApsaraDB for Redis | redis-min-qps-limit | None | No |
redis-min-bandwidth-limit | None | No |
redis-min-capacity-limit | None | No |
redis-instance-in-vpc | None | No |
redis-public-access-check | ACS-Redis-BulkyDeleteSecurityIpFromInstanceIPArray | Yes |
redis-architecturetype-cluster-check | None | No |
redis-instance-release-protection | None | No |
redis-instance-disable-risk-commands | ACS-Redis-BulkyModifyInstanceConfig | No |
redis-instance-expired-check | None | No |
redis-instance-enabled-audit-log | ACS-REDIS-BulkyModifyAuditLogConfig | No |
redis-instance-audit-log-retention | ACS-REDIS-BulkyModifyAuditLogConfig | No |
redis-instance-enabled-tde | None | No |
redis-instance-open-auth-mode | None | No |
redis-instance-multi-zone | None | No |
redis-instance-no-public-ip | ACS-Redis-ReleaseInstancePublicConnection | No |
redis-instance-enabled-tls | None | No |
redis-instance-enabled-byok-tde | None | No |
redis-instance-double-node-type | None | No |
redis-public-and-any-ip-access-check | None | No |
redis-instance-backup-time-check | None | No |
redis-instance-backup-log-enabled | None | No |
redis-instance-edition-type-check | None | No |
redis-instance-tair-type-close-aof | None | No |
redis-instance-upgrade-latest-version | None | No |
ApsaraDB for MongoDB | mongodb-instance-in-vpc | None | No |
mongodb-public-access-check | None | No |
mongodb-min-maxiops-limit | None | No |
mongodb-min-maxconnections-limit | None | No |
mongodb-instance-release-protection | None | No |
mongodb-instance-lock-mode | None | No |
mongodb-instance-log-audit | None | No |
mongodb-cluster-expired-check | None | No |
mongodb-public-and-any-ip-access-check | None | No |
mongodb-instance-class-not-shared | None | No |
mongodb-instance-backup-log-enabled | None | No |
mongodb-instance-multi-node | None | No |
mongodb-instance-multi-zone | None | No |
PolarDB | polardb-dbcluster-in-vpc | None | No |
polardb-public-access-check | None | Yes |
polardb-cluster-category-normal | None | No |
polardb-cluster-expired-check | None | No |
polardb-dbversion-status-check | None | No |
polardb-cluster-enabled-tde | None | No |
polardb-cluster-enabled-ssl | None | No |
polardb-cluster-enabled-auditing | None | No |
polardb-cluster-default-time-zone-not-system | None | No |
polardb-readonly-address-auto-add-new-node-disabled | None | No |
polardb-cluster-log-backup-retention | None | No |
polardb-cluster-level-two-backup-retention | None | No |
polardb-cluster-level-one-backup-retention | None | No |
polardb-cluster-accpunts-description-not-empty | None | No |
polardb-cluster-address-connection-persist-check | None | No |
polardb-cluster-address-consist-level-check | None | No |
polardb-cluster-address-read-write-enabled | None | No |
polardb-cluster-address-auto-add-new-node-enabled | None | No |
polardb-cluster-address-no-public | None | No |
polardb-cluster-delete-protection-enabled | None | No |
polardb-cluster-maintain-time-check | None | No |
polardb-public-and-any-ip-access-check | None | No |
polardb-instance-sub-category-exclusive | None | No |
polardb-cluster-address-check | None | No |
polardb-cluster-address-distributed-transaction-disabled | None | No |
polardb-cluster-address-master-accept-reads | None | No |
polardb-cluster-multi-zone | None | No |
polardb-primary-address-check | None | No |
polardb-readonly-address-check | None | No |
polardb-x1-instance-expired-check | None | No |
polardb-x2-instance-expired-check | None | No |
Object Storage Service (OSS) | oss-bucket-public-read-prohibited | ACS-OSS-PutBucketAcl | No |
oss-bucket-public-write-prohibited | ACS-OSS-PutBucketAcl | Yes |
oss-zrs-enabled | None | No |
oss-bucket-versioning-enabled | None | No |
oss-bucket-logging-enabled | None | Yes |
oss-default-encryption-kms | None | No |
oss-bucket-server-side-encryption-enabled | ACS-OSS-PutBucketEncryption | No |
oss-bucket-name-regex-match | None | No |
oss-bucket-referer-enabled | None | No |
oss-bucket-referer-limit | ACS-OSS-PutBucketReferer | No |
oss-bucket-anonymous-prohibited | None | No |
oss-bucket-only-https-enabled | None | No |
oss-bucket-authorize-specified-ip | None | No |
oss-bucket-policy-no-any-anonymous | None | Yes |
oss-encryption-byok-check | None | No |
oss-bucket-logging-prefix-match | None | Yes |
Resource Access Management (RAM) | ram-user-login-check | None | No |
ram-password-policy-check | ACS-RAM-SetPasswordPolicy | No |
ram-policy-in-use-check | None | No |
ram-risky-policy-user-mfa-check | None | No |
ram-group-has-member-check | None | No |
ram-policy-no-statements-with-admin-access-check | None | No |
ram-user-no-policy-check | None | No |
ram-user-group-membership-check | None | No |
ram-user-last-login-expired-check | None | No |
ram-user-mfa-check | ACS-ECS-BulkyUpdateLoginProfile | No |
ram-user-ak-create-date-expired-check | None | No |
ram-user-ak-used-expired-check | None | No |
ram-user-invalid-ak-check | None | No |
root-ak-check | None | No |
root-mfa-check | None | No |
ram-user-specified-permission-bound | None | No |
ram-user-active-ak-check | None | No |
ram-user-no-product-admin-access | None | No |
ram-role-no-product-admin-access | None | No |
ram-group-in-use-check | None | No |
root-has-specified-role | None | No |
ram-user-has-specified-policy | None | No |
ram-role-has-specified-policy | None | No |
ram-user-sso-enabled | None | No |
ram-user-no-has-specified-policy | None | No |
cloudsso-directory-saml-expired-check | None | No |
cloudsso-scim-credential-expired-check | None | No |
ram-policy-no-has-specified-document | None | No |
ram-role-sso-saml-enabled | None | No |
ram-user-activated-ak-quantity-check | None | No |
ram-user-role-no-product-admin-access | None | No |
account-no-has-ram-user | None | No |
Tag | required-tags | ACS-TAG-TagResources | No |
required-any-tags | None | No |
contains-tag | None | No |
contains-all-tag | None | No |
resources-tags-not-empty | None | No |
matched-tag | ACS-TAG-TagResources | No |
Virtual Private Cloud (VPC) | vpn-ipsec-connection-status-check | None | No |
vpn-ipsec-connection-health-check-open | None | No |
vpc-flow-logs-enabled | None | No |
vpc-secondary-cidr-route-check | None | No |
vswitch-available-ip-count | None | No |
region-vswitch-no-crossed-cidr | None | No |
express-connect-opposite-interface-owner-check | None | No |
Server Load Balancer (SLB) | slb-loadbalancer-bandwidth-limit | None | Yes |
slb-acl-public-access-check | None | No |
slb-aliyun-certificate-required | None | No |
slb-listener-https-enabled | None | Yes |
slb-no-public-ip | None | Yes |
slb-delete-protection-enabled | ACS-SLB-BulkySetLoadBalancerDeleteProtection | Yes |
slb-loadbalancer-in-vpc | None | Yes |
slb-status-active-check | None | No |
slb-modify-protection-check | ACS-SLB-BulkySetLoadBalancerModificationProtection | Yes |
slb-server-certificate-expired | None | No |
slb-instance-expired-check | None | No |
slb-instance-autorenewal-check | None | Yes |
slb-instance-loadbalancerspec-check | None | Yes |
slb-backendserver-weight-check | None | No |
slb-acl-has-specified-ip | None | No |
slb-listener-risk-ports-check | None | Yes |
slb-acl-no-has-specified-ip | None | No |
slb-instance-spec-check | None | Yes |
slb-all-listener-enabled-acl | None | No |
slb-all-listener-health-check-enabled | None | No |
slb-instance-multi-zone | None | Yes |
clb-prepaid-instance-idle-check | None | No |
slb-all-listener-servers-multi-zone | None | No |
slb-all-listener-has-server | None | No |
slb-all-listener-tls-policy-check | None | No |
slb-default-server-group-multi-server | None | No |
slb-instance-default-server-group-multi-zone | None | No |
slb-instance-idle-check | None | No |
slb-instance-log-enabled | None | No |
slb-master-slave-server-group-multi-zone | None | No |
slb-server-certificate-expired | None | No |
slb-vserver-group-multi-zone | None | No |
resources-inherit-resourcegroup-from-slb-loadbalancer | ACS-Config-ResourceManager-BulkyMoveResources | No |
Container Service for Kubernetes (ACK) | ack-cluster-public-endpoint-check | None | No |
ack-cluster-deletion-protection-enabled | None | No |
ack-cluster-network-type-check | None | No |
ack-cluster-node-monitorenabled | None | No |
ack-cluster-rrsa-enabled | None | No |
ack-cluster-spec-check | None | No |
ack-cluster-upgrade-latest-version | None | No |
ack-running-cluster-node-monitorenabled | None | No |
ack-cluster-control-plane-log-enable | None | No |
ack-cluster-security-inspector-enabled | None | No |
ack-cluster-ram-authenticator-enabled | None | No |
ack-cluster-pro-spec-used | None | No |
ack-cluster-node-pools-management-enabled | None | No |
ack-cluster-node-pools-auto-scaling-enabled | None | No |
ack-cluster-node-multi-zone | None | No |
ack-cluster-has-policy-check | None | No |
ack-cluster-encryption-enabled | None | No |
ack-cluster-cost-exporter-enabled | None | No |
ack-cluster-configuation-inspect-enabled | None | No |
ack-cluster-api-server-audit-log-enabled | None | No |
ack-cluster-advanced-audit-enabled | None | No |
Resource Management | resource-region-limit | None | No |
resources-inherit-tags-from-resource-group | ACS-TAG-TagResourcesIgnoreCaseSensitive | No |
resource-name-regex-match | None | No |
resourcemanager-account-type-check | None | No |
resources-inherit-resourcegroup-from-ecs-instance | ACS-Config-ResourceManager-BulkyMoveResources | No |
resource-group-default-used-check | None | No |
Security Center | security-center-version-check | None | No |
security-center-notice-config-check | None | No |
ecs-all-enabled-security-protection | None | No |
ecs-all-updated-security-vul | None | No |
security-center-leak-ak-check | None | No |
security-center-image-vul-check | None | No |
security-center-weak-password-check | None | No |
security-center-concern-necessity-check | None | No |
security-center-defense-config-check | None | No |
security-center-fingerprint-collect-enabled | None | No |
ApsaraDB for HBase | hbase-cluster-type-check | None | No |
hbase-cluster-in-vpc | None | No |
hbase-cluster-ha-check | None | No |
hbase-cluster-deletion-protection | None | No |
hbase-cluster-expired-check | None | No |
hbase-public-access-check | None | No |
Web Application Firewall (WAF) | waf-instance-logging-enabled | ACS-WAF-BulkyModifyLogServiceStatus | No |
waf-domain-enabled-specified-protection-module | None | No |
waf-domain-enabled-specified-protection-mode | None | No |
api-gateway-group-domain-access-waf | None | No |
waf3-instance-enabled-specified-defense-rules | None | No |
Key Management Service (KMS) | kms-key-delete-protection-enabled | ACS-KMS-BulkySetDeletionProtection | No |
kms-key-rotation-enabled | ACS-KMS-BulkyUpdateRotationPolicy | No |
kms-secret-rotation-enabled | None | No |
kms-key-state-not-pending-deletion | None | No |
kms-key-origin-not-external | None | No |
NAT Gateway | nat-risk-ports-check | ACS-VPC-BulkyDeleteForwardEntry | No |
natgateway-delete-protection-enabled | None | No |
internet-nat-gateway-in-specified-vpc | None | No |
intranet-nat-gateway-in-specified-vpc | None | No |
not-use-specified-type-nat-gateway | None | No |
natgateway-eip-used-check | None | No |
natgateway-snat-eip-bandwidth-check | None | No |
internet-natgateway-idle-check | None | No |
intranet-natgateway-idle-check | None | No |
resources-inherit-resourcegroup-from-nat-natgateway | ACS-Config-ResourceManager-BulkyMoveResources | No |
Apsara File Storage NAS (NAS) | nas-filesystem-status-check | None | No |
nas-filesystem-encrypt-type-check | None | Yes |
nas-access-group-public-access-check | None | No |
nas-filesystem-recycle-bin-check | None | No |
nas-filesystem-enable-backup-plan | None | No |
nas-filesystem-mount-target-access-group-check | None | No |
nas-filesystem-idle-check | None | No |
Cloud Enterprise Network (CEN) | cen-bandwidth-package-expired-check | None | No |
cen-cross-region-bandwidth-check | None | No |
cen-all-vbr-health-check-enabled | None | No |
Internet Shared Bandwidth | cbwp-bandwidth-package-expired-check | None | Yes |
cbwp-bandwidth-package-idle-check | None | No |
Bastionhost | bastionhost-instance-expired-check | None | No |
API Gateway | api-gateway-api-visibility-private | None | No |
api-gateway-api-internet-request-https | ACS-ApiGateway-BulkyModifyApiGroupNetworkPolicy | No |
api-gateway-group-https-policy-check | None | No |
api-gateway-group-bind-domain | None | No |
api-gateway-group-enabled-ssl | None | No |
api-gateway-api-auth-jwt | None | No |
api-gateway-api-auth-required | None | No |
api-gateway-group-domain-access-waf-or-waf3 | None | No |
Function Compute | fc-service-vpc-binding | None | No |
fc-trigger-http-not-anonymous | None | No |
fc-service-tracing-enable | None | No |
fc-function-custom-domain-and-tls-enable | None | No |
fc-function-custom-domain-and-cert-enable | None | No |
fc-function-custom-domain-and-https-enable | None | No |
fc-function-internet-and-custom-domain-enable | None | No |
fc-service-internet-access-disable | None | No |
fc-service-bind-role | None | No |
fc-service-log-enable | None | No |
Elasticsearch | elasticsearch-instance-in-vpc | None | No |
elasticsearch-instance-enabled-kibana-public-check | None | Yes |
elasticsearch-instance-enabled-data-node-encryption | None | No |
elasticsearch-instance-enabled-public-check | None | Yes |
elasticsearch-public-and-any-ip-access-check | None | No |
elasticsearch-instance-multi-zone | None | No |
elasticsearch-instance-node-not-use-specified-spec | None | No |
elasticsearch-instance-snapshot-enabled | None | No |
elasticsearch-instance-used-https-protocol | None | No |
elasticsearch-instance-version-not-deprecated | None | No |
Cloud Firewall (CFW) | cloud-fire-wall-all-asset-open | None | No |
cloud-fire-wall-no-matched-control-policy | None | No |
cloud-fire-wall-has-matched-control-policy | None | No |
Simple Log Service | sls-logstore-enabled-encrypt | None | No |
sls-logstore-hot-ttl-check | None | No |
ApsaraDB for OceanBase | oceanbase-instance-enabled-ssl | None | No |
oceanbase-tenant-security-ip-check | None | No |
oceanbase-tenant-enabled-encryption | None | No |
oceanbase-instance-enabled-backup | None | No |
oceanbase-instance-enabled-sql-diagnosis | None | No |
oceanbase-public-and-any-ip-access-check | None | No |
Container Registry | cr-repository-type-private | None | Yes |
cr-repository-immutablity-enable | None | No |
cr-instance-any-ip-access-check | None | No |
cr-instance-public-access-check | None | No |
cr-instance-idle-check | None | No |
cr-repository-tag-expired-check | None | No |
Tablestore | ots-instance-network-not-normal | None | Yes |
ots-instance-all-table-encrypted | None | No |
Application Load Balancer (ALB) | alb-delete-protection-enabled | None | No |
alb-address-type-check | None | No |
alb-all-listener-enabled-acl | None | No |
alb-acl-public-access-check | None | No |
alb-acl-no-has-specified-ip | None | No |
alb-acl-has-specified-ip | None | No |
alb-instance-multi-zone | None | No |
alb-server-group-multi-server | None | No |
alb-all-listener-health-check-enabled | None | No |
alb-all-listener-has-server | None | No |
alb-instance-idle-check | None | No |
alb-server-group-multi-zone | None | No |
Alibaba Cloud DNS | alidns-domain-regex-match | None | No |
Microservices Engine (MSE) | mse-cluster-config-auth-enabled | None | No |
mse-cluster-internet-check | None | No |
AnalyticDB for MySQL | adb-public-access-check | None | No |
adb-cluster-maintain-time-check | None | No |
adb-cluster-audit-log-enabled | None | No |
adb-cluster-log-backup-enabled | None | No |
adb-cluster-expired-check | None | No |
Lindorm | tsdb-instance-public-access-check | None | No |
tsdb-instance-security-ip-check | None | No |
CloudMonitor | cms-created-rule-for-specified-product | None | No |
ApsaraMQ for Kafka | kafka-instance-public-access-check | None | No |
ons-instance-type-check | None | No |
Auto Scaling | ess-scaling-configuration-attach-security-group | None | No |
ess-scaling-configuration-data-disk-encrypted | None | No |
ess-scaling-configuration-system-disk-encrypted | None | No |
ess-scaling-configuration-image-type-check | None | No |
VPN Gateway | vpn-gateway-disable | None | No |
vpn-ipsec-connection-encrypt-enable | None | No |
vpn-gateway-idle-check | None | No |
vpn-gateway-status-check | None | No |
Anti-DDoS | ddoscoo-instance-expired-check | None | No |
Data Transmission Service (DTS) | dts-instance-migration-job-ssl-enabled | None | No |
dts-instance-subscribe-job-ssl-enabled | None | No |
dts-instance-sync-job-ssl-enabled | None | No |
Elastic Container Instance | eci-container-group-volumn-mounts | None | No |
MaxCompute | maxcompute-project-encryption-enabled | None | No |