Evaluates whether all HTTPS listeners of a Server Load Balancer (SLB) instance use a specified security policy suite version. If all listeners use the specified version, the evaluation result is Compliant.
Scenarios
Transport Layer Security (TLS) security policies help ensure the security, integrity, and reliability of data transferred over the Internet. Later TLS versions provide stronger HTTPS communication security.
Risk level
Default risk level: high.
You can change the risk level based on your business requirements when you apply this rule.
Compliance evaluation logic
-
If the HTTPS listeners of each SLB instance use a specified security policy suite version, the evaluation result is Compliant.
-
If some HTTPS listeners of an SLB instance do not use a specified security policy suite version, the evaluation result is Non-compliant.
-
For SLB instances without HTTPS listeners, the evaluation result is Not Applicable.
Rule details
|
Item |
Description |
|
Rule name |
slb-all-listenter-tls-policy-check |
|
Rule ID |
|
|
Tag |
SLB and LoadBalancer |
|
Automatic remediation |
Not supported |
|
Trigger type |
Periodic execution |
|
Evaluation frequency |
Every 24 hours |
|
Supported resource type |
SLB instance |
|
Input parameter |
tlsCipherPolicy. Default value: tls_cipher_policy_1_2, tls_cipher_policy_1_2_strict, or tls_cipher_policy_1_2_strict_with_1_3 |
Non-compliance remediation
Ensure that all HTTPS listeners of each SLB instance use a specified security policy suite version. For more information, see TLS security policies.