Benchmark: 164.308(a)(7)(i) Contingency plan
Description
Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select 164.308(a)(7)(i) Contingency plan.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.hipaa_final_omnibus_security_rule_2013_164_308_a_7_i
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.hipaa_final_omnibus_security_rule_2013_164_308_a_7_i --share
Controls
- Auto Scaling groups with a load balancer should use health checks
- Backup plan min frequency and min retention check
- Backup recovery points should be encrypted
- Backup recovery points manual deletion should be disabled
- Backup recovery points should not expire before retention period
- DynamoDB table auto scaling should be enabled
- DynamoDB tables should be in a backup plan
- DynamoDB table point-in-time recovery should be enabled
- DynamoDB table should be protected by backup plan
- EBS volumes should be in a backup plan
- EBS volumes should be protected by a backup plan
- EC2 instance should have EBS optimization enabled
- EC2 instances should be protected by backup plan
- EFS file systems should be in a backup plan
- EFS file systems should be protected by backup plan
- ElastiCache Redis cluster automatic backup should be enabled with retention period of 15 days or greater
- ELB application load balancer deletion protection should be enabled
- ELB classic load balancers should have cross-zone load balancing enabled
- FSx file system should be protected by backup plan
- RDS Aurora clusters should be protected by backup plan
- RDS DB instance backup should be enabled
- RDS DB instances should have deletion protection enabled
- RDS DB instances should be in a backup plan
- RDS DB instance multiple az should be enabled
- RDS DB instance should be protected by backup plan
- AWS Redshift clusters should have automatic snapshots enabled
- S3 bucket cross-region replication should be enabled
- S3 bucket versioning should be enabled
- Both VPN tunnels provided by AWS Site-to-Site VPN should be in UP status