DocsICP FilingConsole
官方文档
首页

rds-instance-enabled-byok-tde

更新时间:
复制 MD 格式
产品详情
我的收藏

An ApsaraDB RDS instance is compliant if Transparent Data Encryption (TDE) is enabled with a custom key (BYOK).

Scenarios

Encrypting data with custom keys (BYOK) for ApsaraDB RDS instances helps meet regulatory requirements and improve data security.

Risk level

Default risk level: medium.

When you apply this rule, you can change the risk level based on your business requirements.

Compliance evaluation logic

  • If the TDE feature is enabled for the custom keys of each ApsaraDB RDS instance, the evaluation result is Compliant.
  • If the TDE feature is disabled for the custom keys of an ApsaraDB RDS instance, the evaluation result is Incompliant. For more information about how to remediate an incompliant configuration, see Incompliance remediation.

Rule details

Item Description
Rule name rds-instance-enabled-byok-tde
Rule identifier rds-instance-enabled-byok-tde
Tag RDS and TDE
Automatic remediation Not supported
Trigger type Periodic execution
Evaluation frequency Every 24 hours
Supported resource type ApsaraDB RDS instance
Input parameter None.

Incompliance remediation

Enable the TDE feature for the custom keys of each ApsaraDB RDS instance. For more information, see Configure Transparent Data Encryption (TDE).

Previous:rds-instance-enabled-tdeNext:rds-instance-enabled-disk-encryption