Benchmark: 164.312(a)(1) Access control
Description
Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in 164.308(a)(4).
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-complianceStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select 164.312(a)(1) Access control.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.hipaa_security_rule_2003_164_312_a_1Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.hipaa_security_rule_2003_164_312_a_1 --shareControls
- DMS replication instances should not be publicly accessible
- EBS snapshots should not be publicly restorable
- EC2 instances should be in a VPC
- EC2 instances should not have a public IP address
- EMR cluster Kerberos should be enabled
- EMR cluster master nodes should not have public IP addresses
- ES domains should be in a VPC
- IAM groups should have at least one user
- IAM policy should not have statements with admin access
- IAM users with console access should have MFA enabled
- IAM users should be in at least one group
- IAM user should not have any inline or attached policies
- Lambda functions should be in a VPC
- Lambda functions should restrict public access
- OpenSearch domains should be in a VPC
- RDS DB instances should prohibit public access
- RDS snapshots should prohibit public access
- Redshift clusters should prohibit public access
- S3 bucket policy should prohibit public access
- S3 buckets should prohibit public read access
- S3 buckets should prohibit public write access
- S3 public access should be blocked at account level
- SageMaker notebook instances should not have direct internet access