Use this feature to verify that your system meets classified protection compliance requirements and complies with the ISO 27001 international standard for information security management.
Background information
The Basic Requirements for Classified Protection of Cybersecurity (GB/T 22239-2019 Information Security Technology) and its related standards took effect on December 1, 2019. Adhering to this classified protection system is a fundamental responsibility for all businesses and organizations in China. Alibaba Cloud not only ensures that its own cloud platform meets these basic requirements but also provides the classified protection compliance check feature. This feature helps you implement the classified protection system quickly, efficiently, and continuously improve the security of your cloud-based business systems.
ISO 27001 certification provides internationally recognized validation of an enterprise's information security system, proving its capability to provide secure and reliable information services. Security Center provides the ISO 27001 compliance check feature to help you pass ISO 27001 certification.
Classified protection compliance check
The classified protection compliance check provides comprehensive cybersecurity checks covering communication networks, regional boundaries, computing environments, and management centers. You can use this feature to verify that your system meets classified protection compliance requirements and to promptly identify and address security risks.
Log on to the Security Center console. In the left-side navigation pane, choose .
On the Security Compliance Check tab, view the check result statistics.
View the total number of check items and non-compliant items
In the Total Check Items and Non-compliant Items sections, view the total number of supported check items and non-compliant items. Click Non-compliant Items to go directly to the list of non-compliant check items.
Online consultation for classified protection issues
Click Consult to the right of Contact Us to open a chat window and ask questions about classified protection. This service is available from 09:00 to 17:00 on weekdays.
Host Configuration Check
Click Click here to configure to go to the Baseline Check page, where you can view and handle baseline issues on your assets. For more information, see View and handle baseline check results.
Search for a specific check item
In the search box, filter by check item category and compliance status, or enter the name of a check item to view matching results.
Remediate non-compliant check items.
Follow the instructions in the Improvement Suggestion column to remediate non-compliant check items.
NoteThe classified protection compliance check in Security Center detects whether your system has the required security capabilities, such as access control and log audit. To pass the classified protection assessment, you must implement these capabilities and resolve all detected issues.
ISO 27001 compliance check results
You do not need to manually run an ISO 27001 compliance check. Each time you visit the ISO 27001 compliance check page, Security Center automatically runs the check and provides the latest results.
Log on to the Security Center console. In the left-side navigation pane, choose .
On the ISO 27001 Compliance Check tab, view the statistics and the list of results.
The first time you use this feature, you must click Authorize Now to grant the required permissions. Security Center uses these permissions to access your cloud resources and perform ISO 27001 compliance checks.
You can perform the following operations:
View the total number of check items and non-compliant items
In the Total Check Items and Non-compliant Items sections, view the total number of supported check items and non-compliant items.
View compliant, non-compliant, or in-progress check items
In the search box, filter by compliance status, such as Compliant, Non-compliant, or In Progress, to view the corresponding list of check items.
Remediate non-compliant check items.
Follow the instructions in the Improvement Suggestion column to remediate non-compliant check items.
The ISO 27001 compliance check in Security Center detects whether your system meets ISO 27001 certification requirements in areas such as asset management, access control, cryptography, and operations security. Remediate non-compliant items promptly.