- Product Introduction
- Supported Resource Types
- Purchase Guide
- Getting Started
- Operation Guide
- Resources
- Rule
- Managed Rules
- List of Managed Rule
- MFA on Sensitive Operations Required for CAM Users
- MFA on Login Required for CAM Users
- No Idle User Groups on CAM
- Association with User Group Required for CAM User
- No Authorization Policies Directly Added to CAM Sub-account
- No Administrator Access Permissions Granted to CAM Users, User Groups, or Roles
- Granting of Specific High-Risk Permissions by CAM Not Allowed
- No Idle Permission Policies on CAM
- CAM Login Permission Check
- Key of CAM User Rotated at Specified Interval
- Login by CAM User within Specified Time Range
- CVM Instance Associated with Specified Security Group
- CVM Instance Not Moved to Recycle Bin
- Association of CVM Instance with Specified Role
- CVM Instance Enabled Automatic Renewal
- Notification About Expiration for CVM Instance in Monthly Subscription or Pay-As-You-Go Mode
- No Idle Security Groups
- CVM Instance in VPC
- No CVM Instances Not Assigned to Project
- Inactive Duration of CVM Instance After Shutdown Not Exceeding Specified Number of Days
- Lease Duration of CVM Instance Meeting Requirement of Specified Number of Days
- CVM Instance Bound to IPv4 Public Address
- Specified Tag Existed for Resource
- Access to Remote Risky Ports by Security Group Not Allowed
- Access to All Ports by Security Group Not Allowed
- CBS Disk Enabled Arrear Protection
- CBS Disk Enabled Encryption
- Detachable CBS Disk Not Moved to Recycle Bin
- Number of Available IP Addresses in VPC Subnet Greater than Specified Value
- Expiration Protection for CVM Instance in Pay-As-You-Go Mode
- No Idle CBS Disks
- Using Rules
- Managing Rules
- Conformance Pack
- Settings
- FAQs
- Contact Us
- Glossary
- Product Introduction
- Supported Resource Types
- Purchase Guide
- Getting Started
- Operation Guide
- Resources
- Rule
- Managed Rules
- List of Managed Rule
- MFA on Sensitive Operations Required for CAM Users
- MFA on Login Required for CAM Users
- No Idle User Groups on CAM
- Association with User Group Required for CAM User
- No Authorization Policies Directly Added to CAM Sub-account
- No Administrator Access Permissions Granted to CAM Users, User Groups, or Roles
- Granting of Specific High-Risk Permissions by CAM Not Allowed
- No Idle Permission Policies on CAM
- CAM Login Permission Check
- Key of CAM User Rotated at Specified Interval
- Login by CAM User within Specified Time Range
- CVM Instance Associated with Specified Security Group
- CVM Instance Not Moved to Recycle Bin
- Association of CVM Instance with Specified Role
- CVM Instance Enabled Automatic Renewal
- Notification About Expiration for CVM Instance in Monthly Subscription or Pay-As-You-Go Mode
- No Idle Security Groups
- CVM Instance in VPC
- No CVM Instances Not Assigned to Project
- Inactive Duration of CVM Instance After Shutdown Not Exceeding Specified Number of Days
- Lease Duration of CVM Instance Meeting Requirement of Specified Number of Days
- CVM Instance Bound to IPv4 Public Address
- Specified Tag Existed for Resource
- Access to Remote Risky Ports by Security Group Not Allowed
- Access to All Ports by Security Group Not Allowed
- CBS Disk Enabled Arrear Protection
- CBS Disk Enabled Encryption
- Detachable CBS Disk Not Moved to Recycle Bin
- Number of Available IP Addresses in VPC Subnet Greater than Specified Value
- Expiration Protection for CVM Instance in Pay-As-You-Go Mode
- No Idle CBS Disks
- Using Rules
- Managing Rules
- Conformance Pack
- Settings
- FAQs
- Contact Us
- Glossary
Rule purpose: Check whether any idle security group exists.
Compliance evaluation logic: If all security groups have been bound, the evaluation result is "compliant".
Rule Identifier:
cvm-no-sgRisk Level: Medium
Applicable Resource Type:
QCS::VPC::SecurityGroupRule trigger type: Configuration change
Keyword: Security Group
Rule parameter: None
Yes
No
Was this page helpful?