Security Center checks your Alibaba Cloud environment against two compliance standards: China's classified protection requirements (GB/T 22239-2019) and the international ISO 27001 standard. View check results at any time to see which items pass, which fail, and how to fix them.
Classified protection compliance check
Classified protection (等级保护) is China's mandatory cybersecurity framework, defined in GB/T 22239-2019 and effective December 1, 2019. Alibaba Cloud meets the requirements of classified protection. Security Center evaluates your environment across four dimensions: communication networks, compute environments, area borders, and management centers.
Run a classified protection check
Log on to the Security Center console. In the top navigation bar, select the region of the asset to manage. Supported regions: China and Outside China.
In the left-side navigation pane, choose System Configuration > Compliance.
On the Security Compliance Check tab, review the check results:
Check Items — total number of items evaluated
Non-compliant Items — number of items that failed; click the number to view details
To investigate host-level risks in depth, click Go to the compliance check function for in-depth check to open the Baseline Check page. For details, see View baseline check results and handle baseline risks.
To find a specific item, enter its name in the search box, or filter by category or compliance state:
State    Meaning
YES      Compliant
NO       Non-compliant
Remediate non-compliant items
For each non-compliant item, follow the guidance in the Suggestions for improvement column.
Security Center evaluates compliance across multiple dimensions, including access control and log audit. Make sure all detected risks are remediated before expecting a full pass.
ISO 27001 compliance check
ISO 27001 is the international standard for information security management, administered by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Enterprises that achieve ISO 27001 certification demonstrate that their information security practices meet internationally recognized requirements and are considered able to provide safe and reliable information services.
Security Center runs ISO 27001 compliance checks automatically — no manual triggering required. Checks cover four domains: asset management, access control, cryptography, and operation security.
View ISO 27001 check results
Log on to the Security Center console. In the top navigation bar, select the region of the asset to manage. Supported regions: China and Outside China.
In the left-side navigation pane, choose System Configuration > Compliance.
On the ISO 27001 Compliance Check tab, review the check results. If this is your first time using Security Center, you can use the ISO 27001 compliance check feature only after you authorize Security Center to access your cloud resources. Click Authorize Immediately to grant access.
Check Items — total number of ISO 27001 controls evaluated
Non-compliant Items — number of controls that failed
Filter items by compliance state using the drop-down list:
State    Meaning
YES      Compliant
NO       Non-compliant
Pending  Evaluation in progress
Remediate non-compliant items
For each non-compliant item, follow the guidance in the Check item column. Address non-compliant items promptly to maintain your certification posture.