Operations Audit and Risk Control

Why is it necessary to conduct operation and maintenance audits and risk control?
New compliance requirements:

Article 21 of the Cybersecurity Law clearly stipulates that network operators shall, in accordance with the requirements of the network security level protection system, ensure authorized access to the network, prevent theft, and establish responsibility. Network incidents shall be retained for at least six months. Dengbao 2.0 puts forward clear management requirements for identity authentication, access control, security auditing, cloud security, and other aspects.

What is the Operations Audit and Risk Control System?
The operation and maintenance audit and risk control system is an operation gateway that centrally controls the operational behavior of operation and maintenance personnel on the operation and maintenance objects. It implements account management, authentication management, authorization management, and operation audit during this process.

Capability of operation and maintenance audit and risk control system
User decentralization management
Supports multiple user roles: super administrator, department administrator, demand administrator, audit administrator, operations and maintenance personnel, auditor, system administrator, password administrator. Each user role has different permissions, providing users with the option to set up different roles, meeting compliance requirements for separation of powers, and providing flexible role customization capabilities.
Centralized operation and maintenance authorization
Through centralized authorization of bastion machines, we help customers streamline the relationship between users and hosts, and provide flexible authorization modes such as one-to-one, one to many, many to many, and many to many.
Asset single sign on
Support hosting accounts and passwords. Operations personnel can log in to the bastion host and select the corresponding asset to automatically log in to the target host for operations without entering the host's account and password.
Fine command control
Provide centralized command control strategy function, support command level strategy control for character protocol and database protocol, support wildcard and regular expression methods, and implement four actions: blocking session, blocking command, approval, and direct release.
Unified operation audit
Record all operations in detail and provide comprehensive query function; Audit logs can be played online or offline, and all audit logs support automatic backup and archiving.

Advantages of Operations Audit and Risk Control System
1. Unified authentication for efficient operation and maintenance
2. Operations audit meets compliance requirements
3. Remote operation and maintenance ensure security
4. Flexibly define operation and maintenance permissions