
Cloud Config: nas-access-group-public-access-check

Last Updated: Nov 01, 2024

Checks whether 0.0.0.0/0 is specified as the authorized object of a rule in a permission group in File Storage NAS (NAS).

Scenarios

You can specify IP addresses or CIDR blocks in rules that are added to a permission group in NAS. This restricts the service scope of specific NAS file systems and ensures network security in the cloud environment.

Risk level

Default risk level: high.

When you apply this rule, you can change the risk level based on your business requirements.

Compliance evaluation logic

  • If 0.0.0.0/0 is not specified as the authorized object of any rule in any permission group in NAS, the evaluation result of the rule is Compliant.

  • If 0.0.0.0/0 is specified as the authorized object of a rule in a permission group in NAS, the evaluation result of the rule is Non-compliant. For more information about how to remediate a non-compliant configuration, see Non-compliance remediation.
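The evaluation logic above, sketched as an added example (not Cloud Config's own implementation). The sample permission groups are constructed, and the field names `AccessGroupName`, `Rules`, `SourceCidrIp` and `RWAccess` are assumptions; the check parses each authorized object so that equivalent spellings of 0.0.0.0/0 are also caught, which goes slightly beyond a literal string match.

```python
import ipaddress

# Constructed sample data: permission groups and their rules. The field names
# (AccessGroupName, Rules, SourceCidrIp, RWAccess) are assumptions for this example.
SAMPLE_GROUPS = [
    {"AccessGroupName": "app-tier", "Rules": [
        {"SourceCidrIp": "10.0.8.0/24", "RWAccess": "RDWR"},
        {"SourceCidrIp": "192.168.1.15", "RWAccess": "RDONLY"},
    ]},
    {"AccessGroupName": "legacy-share", "Rules": [
        {"SourceCidrIp": "172.16.0.0/16", "RWAccess": "RDWR"},
        {"SourceCidrIp": "0.0.0.0/0", "RWAccess": "RDWR"},
    ]},
    {"AccessGroupName": "empty-group", "Rules": []},
]


def is_open_to_all(authorized_object):
    """True when the authorized object covers every IPv4 address (0.0.0.0/0)."""
    try:
        net = ipaddress.ip_network(authorized_object.strip(), strict=False)
    except ValueError:
        return False  # not an IP address or CIDR block, so it cannot be 0.0.0.0/0
    return net.version == 4 and net.prefixlen == 0


def evaluate_group(group):
    """Return (result, offending_rules) for one permission group."""
    offending = [r for r in group["Rules"] if is_open_to_all(r["SourceCidrIp"])]
    return ("Non-compliant" if offending else "Compliant"), offending


def evaluate_all(groups):
    """Map each permission group name to its evaluation result."""
    return {g["AccessGroupName"]: evaluate_group(g)[0] for g in groups}


if __name__ == "__main__":
    for name, result in evaluate_all(SAMPLE_GROUPS).items():
        print(f"{name}: {result}")
```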

Rule details

| Item | Description |
| --- | --- |
| Rule name | nas-access-group-public-access-check |
| Rule identifier | nas-access-group-public-access-check |
| Tag | NAS and AccessGroup |
| Automatic remediation | Not supported |
| Trigger type | Periodic execution |
| Evaluation frequency | Every 24 hours |
| Supported resource type | NAS file system |
| Input parameter | N/A |

Non-compliance remediation

Find the permission group whose configuration is non-compliant and add a rule that implements access control to the permission group. For more information, see Manage permission groups.