The NLB instance listener is considered compliant if it uses a security policy within the specified range.
Scenarios
By configuring a specified security policy for NLB instance listeners, you can implement fine-grained control over the security of access traffic. This ensures that only requests complying with predefined rules can enter the system, effectively mitigating potential threats.
Risk level
Default risk level: high.
You can adjust the risk level based on your business requirements when applying this rule.
Detection logic
An NLB instance listener is considered compliant if it uses a security policy within the configured range. Listeners without TCP or SSL protocol configurations are considered not applicable.
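The detection logic above as an offline check over exported listener records; this is an added example, not the service's own rule code. It assumes records with `ListenerId`, `ListenerProtocol` and `SecurityPolicyId` fields, that only `TCPSSL` listeners carry a security policy, and that an instance is non-compliant if any applicable listener is outside the range.

```python
"""Added example: offline evaluator mirroring the rule's detection logic."""

# Default value of the rule's securityPolicyId input parameter (from the rule details).
DEFAULT_SECURITY_POLICY_IDS = (
    "tls_cipher_policy_1_2,"
    "tls_cipher_policy_1_2_strict,"
    "tls_cipher_policy_1_2_strict_with_1_3"
)

# Assumption: only TCPSSL listeners carry a TLS security policy; others are not applicable.
APPLICABLE_PROTOCOLS = {"TCPSSL"}


def parse_allowed(param):
    """Split the comma-separated parameter into a set of policy IDs."""
    return {p.strip() for p in param.split(",") if p.strip()}


def evaluate_listener(listener, allowed):
    """Return COMPLIANT, NON_COMPLIANT or NOT_APPLICABLE for one listener."""
    # Field names are assumptions about the exported record layout.
    protocol = str(listener.get("ListenerProtocol", "")).upper()
    if protocol not in APPLICABLE_PROTOCOLS:
        return "NOT_APPLICABLE"
    policy = listener.get("SecurityPolicyId")
    # A missing policy ID cannot be inside the range, so it fails closed.
    return "COMPLIANT" if policy in allowed else "NON_COMPLIANT"


def evaluate_load_balancer(listeners, param=DEFAULT_SECURITY_POLICY_IDS):
    """Aggregate listener results for one instance: (result, offending listener IDs)."""
    allowed = parse_allowed(param)
    results = {l.get("ListenerId"): evaluate_listener(l, allowed) for l in listeners}
    offenders = sorted(i for i, r in results.items() if r == "NON_COMPLIANT")
    if offenders:
        return "NON_COMPLIANT", offenders
    if any(r == "COMPLIANT" for r in results.values()):
        return "COMPLIANT", []
    return "NOT_APPLICABLE", []


# Constructed sample listeners (not real resources).
SAMPLE = [
    {"ListenerId": "lsn-a", "ListenerProtocol": "TCPSSL", "SecurityPolicyId": "tls_cipher_policy_1_2_strict"},
    {"ListenerId": "lsn-b", "ListenerProtocol": "TCPSSL", "SecurityPolicyId": "tls_cipher_policy_1_0"},
    {"ListenerId": "lsn-c", "ListenerProtocol": "UDP"},
]

if __name__ == "__main__":
    print(evaluate_load_balancer(SAMPLE))
```

Returning the offending listener IDs alongside the result tells the operator which listeners to move to a policy inside the range.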
Rule details
Parameter | Description |
Rule name | NLB instance listener uses specified security policy |
Rule template identity | |
Automatic remediation | Not supported |
Invoke Type | 24-hour cycle, configuration change |
Resource type evaluated by the rule | ACS::NLB::LoadBalancer |
Input parameter | securityPolicyId (default value: tls_cipher_policy_1_2, tls_cipher_policy_1_2_strict, tls_cipher_policy_1_2_strict_with_1_3) |
Remediation guidance
For more information, see TLS security policy.