Benchmark: User Authentication for External Connections
Description
When accessing electronic protected health information (ePHI) from external sources, it's crucial to prioritize user authentication as part of our commitment to HIPAA and HITRUST compliance. To ensure secure access, we have implemented strong authentication measures, including unique user IDs, strong passwords, and multi-factor authentication. These measures verify the identity of individuals accessing ePHI remotely, ensuring that only authorized users with the right credentials can establish secure connections. By prioritizing user authentication, we protect the confidentiality of sensitive health information and minimize the risk of unauthorized access.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-azure-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select User Authentication for External Connections.
Run this benchmark in your terminal:
powerpipe benchmark run azure_compliance.benchmark.hipaa_hitrust_v92_user_authentication_for_external_connections
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run azure_compliance.benchmark.hipaa_hitrust_v92_user_authentication_for_external_connections --share
Benchmarks
- Remote access by vendors and business partners (e.g., for remote maintenance) is disabled/deactivated when not in use
- If encryption is not used for dial-up connections, the CIO or his/her designated representative provides specific written authorization
- The organization protects wireless access to systems containing sensitive information by authenticating both users and devices
- The organization requires a callback capability with re-authentication to verify dial-up connections from authorized locations
- User IDs assigned to vendors are reviewed in accordance with the organization's access review policy, at a minimum annually