Benchmark: 164.314(b)(2)(i)
Description
Implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic protected health information that it creates, receives, maintains, or transmits on behalf of the group health plan.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-complianceStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select 164.314(b)(2)(i).
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.hipaa_final_omnibus_security_rule_2013_164_314_b_2_iSnapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.hipaa_final_omnibus_security_rule_2013_164_314_b_2_i --shareControls
- CloudTrail trail logs should be encrypted with KMS CMK
- DynamoDB Accelerator (DAX) clusters should be encrypted at rest
- DynamoDB table should have encryption enabled
- Attached EBS volumes should have encryption enabled
- EBS default encryption should be enabled
- EKS clusters should be configured to have kubernetes secrets encrypted using KMS
- ELB classic load balancers should only use SSL or HTTPS listeners
- ES domain encryption at rest should be enabled
- Elasticsearch domain node-to-node encryption should be enabled
- OpenSearch domains should have encryption at rest enabled
- OpenSearch domains should use HTTPS
- OpenSearch domains node-to-node encryption should be enabled
- RDS DB instance encryption at rest should be enabled
- RDS DB snapshots should be encrypted at rest
- Redshift cluster encryption in transit should be enabled
- AWS Redshift clusters should be encrypted with KMS
- Redshift clusters should prohibit public access
- S3 bucket default encryption should be enabled
- S3 bucket default encryption should be enabled with KMS
- S3 buckets should enforce SSL
- S3 buckets should prohibit public read access
- S3 buckets should prohibit public write access
- S3 public access should be blocked at account level
- SageMaker endpoint configuration encryption should be enabled
- SageMaker notebook instance encryption should be enabled
- VPC should be configured to use VPC endpoints