AWS - HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge.

Check if S3 buckets have server access logging enabled
Description:  164.308(a)(6)(ii) - Security Incident Procedures — Response and Reporting - Identify and respond to suspected or known security incidents; mi...
Sun, 29 Mar, 2020 at 12:01 PM
Ensure S3 buckets have Object-level logging enabled in CloudTrail
Description:  164.308(a)(7)(i) - Contingency Plan - Establish (and implement as needed) policies and procedures for responding to an emergency or other occ...
Fri, 24 Apr, 2020 at 6:55 PM
Ensure there are no EBS Snapshots set as Public
Description:  164.308(a)(7)(ii)(A) - Contingency Plan – Data Backup Plan - Establish and implement procedures to create and maintain retrievable exact copi...
Fri, 2 Oct, 2020 at 5:04 PM
Ensure every Security Group is being used by at least one resource
Description:  Ensure every Security Group is being used by at least one resource. Security groups provide stateful filtering of ingress/egress network traf...
Fri, 2 Oct, 2020 at 5:38 PM
Ensure Elastic Load Balancers have logging enabled
Description:  164.308(a)(7)(ii)(C) - Contingency Plan — Emergency Mode Operation Plan - Establish (and implement as needed) procedures to enable continuat...
Sun, 26 Apr, 2020 at 3:25 PM
Ensure there are no EBS Volumes unencrypted
Description:  164.310(d)(2)(iv) - Device and Media Controls - Create a retrievable, exact copy of electronic protected health information, when needed, bef...
Sun, 29 Mar, 2020 at 12:01 PM
Ensure S3 buckets have default encryption (SSE) enabled or use a bucket policy to enforce it
Description:  164.312(a)(1) - Access Control - Implement technical policies and procedures for electronic information systems that maintain electronic protec...
Tue, 28 Apr, 2020 at 3:21 PM
Ensure there are no S3 buckets open to Everyone or Any AWS user
Description:  164.312(a)(2)(ii) - Access Control — Emergency Access Procedure - Establish (and implement as needed) procedures for obtaining necessary elec...
Sun, 29 Mar, 2020 at 12:02 PM
Ensure EBS snapshots are encrypted
Description:  164.312(a)(2)(iv) - Access Control — Encryption and Decryption - Implement a mechanism to encrypt and decrypt electronic protected health inf...
Sun, 26 Apr, 2020 at 3:25 PM
Ensure RDS instances storage is encrypted
Description:  164.312(b) - Audit Controls - Implement hardware, software, and/or procedural mechanisms that record and examine activity in information syst...
Sun, 26 Apr, 2020 at 3:25 PM