Security Center provides the feature of classified protection compliance check to assess the security of your communication networks, compute environments, area borders, and management centers. You can use this feature to check whether your system meets the requirements of classified protection, and detect and handle risks at the earliest opportunity. This topic describes how to view the results of classified protection compliance check.

Background information

  • On December 1, 2019, GB/T 22239-2019 Information security technology-Baseline for classified protection of cybersecurity is issued and implemented. All enterprises must meet the requirements of classified protection. Alibaba Cloud meets the requirements of classified protection and provides the feature of classified protection compliance check. You can use the feature to meet the requirements of classified protection of cybersecurity in a quicker, more efficient, and continuous manner. In addition, the security capabilities of your cloud assets are improved.
  • Security Center automatically performs a classified protection compliance check and provides the latest check results on the Security Compliance Check tab.

Limits

All editions of Security Center support this feature. For more information about the features that each edition supports, see Features.

Procedure

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Application market > Compliance.
  3. On the Security Compliance Check tab, view the check results.
    You can perform the following operations on the tab:
    • View the total number of check items and number of non-compliant items

      View the total number of check items below Check Items and the number of non-compliant items below Non-compliant Items. If you want to view the details of non-compliant items, click the number below Non-compliant Items.

    • Consult online technical support on classified protection

      Click consulting in the lower-right corner of Consultation to consult online technical support on classified protection. The online consulting service is available from 09:00 to 17:00 on business days.

    • Check host configurations

      Click Go to the compliance check function for in-depth check to go to the Baseline Check page. Then, view and handle baseline risks detected in your assets. For more information, see View and manage baseline risks.

    • Search for a specific check item

      Enter the name of a check item in the search box to search for the check item. You can also search for check items by category or state. The state can be YES or NO. If you select YES, compliant items appear. If you select NO, non-compliant items appear.

  4. Handle non-compliant items.
    Find a non-compliant item and handle it based on the suggestions provided in the Suggestions for improvement column. Suggestions for improvement
    Note Security Center checks whether your system meets the requirements of classified protection from different dimensions, such as access control and log audit. Before your system can pass the classified protection compliance check, make sure that your system has the required security capabilities and the detected risks are handled.