AWS - HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge.

Check if S3 buckets have server access logging enabled
Description: 164.308(a)(6)(ii) - Security Incident Procedures — Response and Reporting - Identify and respond to suspected or known security incidents; mi...
Sun, 29 Mar, 2020 at 12:01 PM
Enable S3 buckets have Object-level logging enabled in CloudTrail
Description: 164.308(a)(7)(i) - Contingency Plan - Establish (and implement as needed) policies and procedures for responding to an emergency or other occ...
Fri, 24 Apr, 2020 at 6:55 PM
Ensure there are no EBS Snapshots set as Public
Description: Elastic Block Store is a web service that provides block-level storage volumes for use with EC2 instances. EBS volumes are highly available an...
Tue, 28 Mar, 2023 at 7:40 AM
Ensure there are no Security Groups not being used
Description: A security group acts as a virtual firewall for the virtual machines and other resources running on cloud. They are created based on ports and...
Fri, 24 Mar, 2023 at 8:45 AM
Ensure Elastic Load Balancers have logging enabled
Description: Elastic Load Balancing (ELB) automatically distributes incoming application traffic across multiple targets, such as EC2 instances, containers...
Tue, 4 Apr, 2023 at 8:05 AM
Ensure there are no EBS Volumes unencrypted
Description: Elastic Block Store is a web service that provides block-level storage volumes for use with EC2 instances. EBS volumes are highly available a...
Tue, 14 Mar, 2023 at 8:10 AM
Ensure S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it
Description: Server-side encryption is the encryption of data at its destination by the application or service that receives it. AWS Key Management Service...
Thu, 30 Dec, 2021 at 12:46 AM
Ensure there are no S3 buckets open to the Everyone or Any AWS user
Description: The Amazon S3 Block Public Access feature provides settings for access points, buckets, and accounts to help you manage public acces...
Mon, 19 Jul, 2021 at 8:23 AM
Ensure EBS snapshots are encrypted
Description: 164.312(a)(2)(iv) - Access Control — Encryption and Decryption - Implement a mechanism to encrypt and decrypt electronic protected health inf...
Sun, 26 Apr, 2020 at 3:25 PM
Ensure RDS instances storage is encrypted
Description: 164.312(b) - Audit Controls - Implement hardware, software, and/or procedural mechanisms that record and examine activity in information syst...
Sun, 26 Apr, 2020 at 3:25 PM