Evaluates whether transparent data encryption (TDE) is enabled for PolarDB clusters. A cluster with TDE enabled is evaluated as Compliant.
Scenarios
Use this rule to verify that PolarDB clusters have TDE enabled, helping you meet security and regulatory requirements. TDE performs real-time I/O encryption and decryption on data files. Data is encrypted before it is written to disk and decrypted when it is read from disk into memory.
Risk level
Default risk level: medium.
You can change the risk level based on your business requirements when you apply this rule.
Compliance evaluation logic
- If TDE is enabled for a PolarDB cluster, the evaluation result is Compliant.
- If TDE is disabled for a PolarDB cluster, the evaluation result is Incompliant. To remediate an incompliant configuration, see Incompliance remediation.
Rule details
| Item | Description |
| --- | --- |
| Rule name | polardb-cluster-enabled-tde |
| Rule identifier | polardb-cluster-enabled-tde |
| Tag | PolarDB and TDE |
| Automatic remediation | Not supported |
| Trigger type | Periodic execution |
| Evaluation frequency | Every 24 hours |
| Supported resource type | PolarDB cluster |
| Input parameter | None. |
Incompliance remediation
Enable TDE for the PolarDB cluster. For more information, see Configure Transparent Data Encryption (TDE).