Security Center provides the features of classified protection compliance check and ISO 27001 compliance check. You can use the features to check whether your system meets the requirements of classified protection and ISO 27001. ISO 27001 is an international standard on how to manage information security.

Background information

On December 1, 2019, GB/T 22239-2019 (Information security technology: Baseline for classified protection of cybersecurity) was issued and took effect. All enterprises must meet the requirements of classified protection. Alibaba Cloud meets the requirements of classified protection and provides the feature of classified protection compliance check. You can use the feature to meet the requirements of classified protection of cybersecurity in a quicker, more efficient, and continuous manner. The feature also improves the security posture of your cloud assets.

ISO 27001 is an international standard on how to manage information security. An enterprise that attains the ISO 27001 certification is considered to be able to provide safe and reliable information services. The information security system of the enterprise is recognized by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Security Center provides the feature of ISO 27001 compliance check. This feature helps your enterprise attain the ISO 27001 certification.

Classified protection compliance check

Security Center provides the feature of classified protection compliance check to assess the security of your communication networks, compute environments, area borders, and management centers. You can use this feature to check whether your system meets the requirements of classified protection, and detect and handle risks at the earliest opportunity.

  1. Log on to the Security Center console. In the left-side navigation pane, choose System Configuration > Compliance.
  2. On the Security Compliance Check tab, view the check results.
    You can perform the following operations on the tab:
    • View the total number of check items and the number of non-compliant items

      View the total number of check items below Check Items and the number of non-compliant items below Non-compliant Items. If you want to view the details of non-compliant items, click the number below Non-compliant Items.

    • Check host configurations

      Click Go to the compliance check function for in-depth check to go to the Baseline Check page. Then, view and handle baseline risks that are detected on your assets. For more information, see View baseline check results and handle baseline risks.

    • Search for a specific check item

      Enter the name of a check item in the search box to search for the check item. You can also search for check items by category or state. The state can be YES or NO. If you select YES, compliant items appear. If you select NO, non-compliant items appear.

  3. Handle non-compliant items.
    Find a non-compliant item and handle it based on the suggestions that are provided in the Suggestions for improvement column.
    Note Security Center checks whether your system meets the requirements of classified protection from multiple dimensions, such as access control and log audit. Before your system can pass the classified protection compliance check, make sure that your system has the required security capabilities and that all detected risks are handled.

ISO 27001 compliance check

You do not need to manually perform ISO 27001 compliance checks. Security Center automatically performs ISO 27001 compliance checks and provides the latest check results.

  1. Log on to the Security Center console. In the left-side navigation pane, choose System Configuration > Compliance.
  2. On the ISO 27001 Compliance Check tab, view the check results.
    If this is the first time that you use Security Center, you can use the feature of ISO 27001 compliance check only after you authorize Security Center to access your cloud resources. To authorize Security Center to access your cloud resources, click Authorize Immediately.
    You can perform the following operations on the tab:
    • View the total number of check items and the number of non-compliant items

      View the total number of check items that are supported by ISO 27001 compliance checks below Check Items and the number of non-compliant items below Non-compliant Items.

    • View compliant, non-compliant, or pending items

      Select YES, NO, or Pending from the drop-down list to search for compliant, non-compliant, or pending items.

  3. Handle non-compliant items.
    Find a non-compliant item and handle it based on the suggestions that are provided in the Check item column.

    The feature of ISO 27001 compliance check checks whether your system meets ISO 27001 requirements from the following dimensions: asset management, access control, cryptography, and operation security. We recommend that you handle non-compliant items at the earliest opportunity.