If an encryption algorithm is enabled for each VPN connection, the evaluation result is Compliant.
Scenarios
You can configure encrypted certificates to encrypt transferred data. This can ensure data confidentiality and integrity during data transfer.
Risk level
Default risk level: high.
When you apply this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
- If an encryption algorithm is enabled for each VPN connection, the evaluation result is Compliant.
- If no encryption algorithm is enabled for any VPN connection, the evaluation result is Incompliant. For more information about how to remediate an incompliant configuration, see the "Incompliance remediation" section of this topic.
Rule details
| Parameter | Description |
|---|---|
| Rule name | vpn-ipsec-connection-encrypt-enable |
| Rule ID | vpn-ipsec-connection-encrypt-enable |
| Tag | VPN and VpnGateway |
| Automatic remediation | Not supported |
| Trigger type | Periodic execution |
| Evaluation frequency | Interval of 24 hours |
| Supported resource type | IPsec-VPN connection |
| Input parameter | None |
Incompliance remediation
Enable encryption algorithms for your VPN connections. For more information, see Create and manage a VPN gateway.