The page has been translated by Gen AI.

Managing Guardrails

The guardrails that are automatically applied for policy violation detection and prevention (detect/prevent type) rules, and security/compliance standards are as follows.

Preventive Guardrail

You can apply preventive guardrails to proactively block policy violations from occurring.

Applying preventive guardrails

It can be applied to preventive guardrails at the organizational level. To apply preventive guardrails at the organizational level, follow these steps.

Click the All Services > Management > Cloud Control menu. 1. Navigate to the Service Home page of Cloud Control.
On the Service Home page, click the Guardrail > Preventive Guardrail menu. 2. Go to the Preventive Guardrail List page.
From the Preventive Guardrail List, select the preventive guardrails to apply to the organization unit, then click the Apply to Organization Unit button. 3. Navigate to the Apply to organization unit page.
- Multiple preventive guardrails can be selected and applied simultaneously.

After selecting the organizational unit to which you want to apply the preventive guardrail, click the Complete button.

Category	required status	Detailed description
Preventive guardrails to apply	-	Preventive guardrails list to be applied at the organizational level
Organizational unit name	Essential	Select the organizational unit to apply the preventive guardrail Only organizational units with Registered, Registration Failed status can be selected Click the organizational unit name or parent organizational unit name to view detailed information

View detailed information of preventive guardrail

You can view detailed information about preventive guardrails, the organizational units to which they are applied, and the list of Accounts. To disable the preventive guardrail, follow these steps.

Click the All Services > Management > Cloud Control menu. 1. Navigate to the Service Home page of Cloud Control.
On the Service Home page, click the Guardrail > Preventive Guardrail menu. 2. Go to the Preventive Guardrail List page.
Click the preventive guardrail name to view detailed information in the Preventive Guardrail List. 3. Preventive Guardrail Details page
- Preventive Guardrail Details page consists of Basic Information, Applicable Organizational Unit, Account tab.

Basic Information

You can view basic and detailed information about the preventive guardrail.

Category	Detailed description
service	Service Name
Resource Type	Service type
SRN	Unique resource ID in Samsung Cloud Platform
Resource Name	Resource Name
Resource ID	Unique resource ID in the service
Constructor	User who created the service
Creation date and time	Service creation date and time
Modifier	User who edited the service information
Modification date and time	Date and time the service information was modified
Guardrail name	Name of the guardrail
type	Guardrail type
Target service name	Guardrail target service name
status	Whether guardrails are applied
Explanation	Description of guardrails

Table. Guardrail Details - Basic Information Tab Items

Applicable organization unit

You can view the list of organizational units where preventive guardrails are applied.

Category	Detailed description
Organizational unit name	Organizational unit name Click the organizational unit name to view detailed information
Parent organization unit name	Name of the parent organizational unit of the organizational unit Click the parent organizational unit name to view detailed information
status	Cloud Control registration status for organizational units Registered, Not registered, Registering, Registration failed No status displayed for Root

Account

You can view the list of sub‑Accounts under the organizational unit where preventive guardrails are directly applied.

Category	Detailed description
Account name	Account name
email	Account user email
Organizational unit name	Organization unit name Click the organization unit name to view detailed information
status	Cloud Control registration status for an organization unit or Account Registered, Not registered, Registering, Registration failed No status displayed when Root

Table. Root Details - Sub Account Tab Items

Reference

Preventive guardrails are inherited and applied from all higher-level organizational units, so preventive guardrails can also be applied to Accounts that are not in the Account list.

Disable preventive guardrail

You can disable the preventive guardrail applied at the organization level. To disable the preventive guardrail, follow these steps.

Click the All Services > Management > Cloud Control menu. 1. Navigate to the Service Home page of Cloud Control.
On the Service Home page, click the Guardrail > Preventive Guardrail menu. 2. Navigate to the Preventive Guardrail List page.
From the Preventive Guardrail List, select the preventive guardrail for which you want to disable organization-level enforcement, then click the More > Remove Organization-Level Enforcement button. 3. Navigate to the Remove organization unit application page.
- Multiple preventive guardrails can be selected simultaneously to disable them.

After selecting the organizational unit to disable the preventive guardrail, click the Complete button.

Category	Whether required	Detailed description
Guardrails to apply	-	List of preventive guardrails to be disabled
Organizational unit name	Essential	Select the organizational unit to disable the preventive guardrail Only organizational units with Registered, Registration Failed status can be selected Click the organizational unit name or parent organizational unit name to view detailed information

Detection Guardrail

When detection guardrails are enabled, Config Inspection diagnostics are automatically run for Accounts within the default organizational unit, performing checks daily.

Apply detection guardrails

You can apply detection guardrails on the Landing Zone Settings page.

information

Detection guardrails can also be enabled when creating a landing zone.

To apply detection guardrails, follow the steps below.

All Services > Management > Cloud Control Click the menu. 1. Navigate to the Service Home page of Cloud Control.
On the Service Home page, click the Landing Zone Settings menu. 2. Navigate to the Landing Zone Settings page.
On the Landing Zone Settings page, click the Edit button for the Detection Guardrail item. 3. Detection Guardrail Settings The popup window opens.
Detection Guardrail Settings In the popup window, after checking Enable Cloud Control Detection Guardrail, click the Confirm button.
- When activation is checked, Plan, Check List, Diagnosis Cycle, Start Time are displayed.
When the pop-up indicating that the detection guardrail is active opens, click the Confirm button.

Check detection guardrail diagnostic results

You can view the Config Inspection diagnostic results via detection guardrails. To view the diagnostic results, follow these steps.

Click the All Services > Management > Cloud Control menu. 1. Navigate to the Service Home page of Cloud Control.
On the Service Home page, click the Guardrail > Detection Guardrail menu. 2. Navigate to the Detection Guardrail List page.
Click the diagnosis name of the Account for which you want to view diagnostic results from the Detection Guardrail List. 3. Go to the Diagnostic Results List page.
- In the search area of the Diagnosis Result List page, you can enter a diagnosis name or click the Advanced Search button to search.
On the Diagnosis Result List page, click the diagnosis result for the diagnosis name to view detailed diagnostic items. 4. Navigate to the Diagnostic Result Details page.
- Completed: The diagnostic request has been successfully completed, when Completed is clicked, navigate to the detail page
- Error: The diagnostic request was not completed successfully, and the error status item cannot view detailed information.

Diagnosis Result Details on the page

Category	Detailed description
Checklist	Set of diagnostic items that serve as the basis for diagnostic results
Area	Scope of Diagnosis (services of Samsung Cloud Platform)
Diagnostic Items	Security standards recommended for each service configuration Click the diagnostic item name to view detailed information about that diagnostic item Diagnostic item details: area, diagnostic item, result, diagnostic criteria, diagnostic method, remediation guide, detailed result
Result	Diagnostic Item Baseline Check Results PASS: Number of items in the checklist with a diagnostic result of PASS (normal) FAIL: Number of items in the checklist with a diagnostic result of FAIL (vulnerable) CHECK: Number of items in the checklist with a diagnostic result of CHECK (needs verification) ERROR: Number of items in the checklist with a diagnostic result of ERROR (diagnosis not possible) N/A: Number of items in the checklist with a diagnostic result of N/A (not applicable)

Table. Detailed Diagnosis Result Items

Reference

For detailed information about the diagnosis results, see Config Inspection’s Check Diagnosis Results.

Managing detection guardrail diagnostic results

You can view the results of the Config Inspection diagnosis request via the detection guardrail.

Reference

In Cloud Control, you cannot delete or modify inspection results.

To view the diagnostic request results, follow these steps.

All Services > Management > Cloud Control Click the menu. 1. Navigate to the Service Home page of Cloud Control.
On the Service Home page, click the Guardrail > Detection Guardrail menu. 2. Go to the Detection Guardrail List page.
In the Detection Guardrail List, click the diagnosis name of the Account that will manage the diagnostic results. 3. Go to the Diagnostic Results List page.
- On the Diagnosis Result List page, you can enter a diagnosis name in the search area or click the Advanced Search button to search.
On the Diagnostic Result List page, click the Diagnostic Result Management button. 4. Diagnosis Result Management Navigate to the detail page.

Diagnostic Result Management View the diagnostic results on the detail page.

Category	Detailed description
Checklist	Collection of diagnostic items that serve as the basis for diagnostic results
Area	Scope of Diagnosis (services of Samsung Cloud Platform)
Diagnostic Items	Security standards recommended for each service configuration Click the diagnostic item name to view detailed information about that diagnostic item Diagnostic details: area, diagnostic item, result, diagnostic criteria, diagnostic method, remediation guide, detailed result
Result	Diagnostic Item Baseline Check Results PASS: Number of items in the checklist with a diagnostic result of PASS (normal) FAIL: Number of items in the checklist with a diagnostic result of FAIL (vulnerable) CHECK: Number of items in the checklist with a diagnostic result of CHECK (needs verification) ERROR: Number of items in the checklist with a diagnostic result of ERROR (diagnosis not possible) N/A: Number of items in the checklist with a diagnostic result of N/A (not applicable)
Result check / Result change	Result Verification: Detailed information can be viewed in the result verification popup Registrant, validity period, change status, detailed reason, attachment, inspection result Attachments can only be viewed in Config Inspection Inspection results cannot be deleted in Cloud Control Result Modification: Inspection results cannot be modified in Cloud Control

Table. Diagnosis Result Management Items

Reference

For detailed information about the diagnostic results, see Config Inspection’s Managing Diagnostic Results.

Disable detection guardrail

On the Landing Zone Settings page, you can disable the detection guardrail. To disable the detection guardrail, follow these steps.

All Services > Management > Cloud Control menu, click it. 1. Navigate to the Service Home page of Cloud Control.
On the Service Home page, click the Landing Zone Settings menu. 2. Go to the Landing Zone Settings page.
On the Landing Zone Settings page, click the Edit button of the Detection Guardrail item. 3. Detection Guardrail Settings The popup window opens.
Detection Guardrail Settings in the popup window, uncheck Cloud Control Detection Guardrail Active.
When a popup that notifies the removal of detection guardrails opens, click the Confirm button.

How-to guides

Managing Organizations