Benchmark: 164.308(a)(1)(ii) Implementation specifications
Description
Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity or business associate. Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with § 164.306(a). Apply appropriate sanctions against workforce members who fail to comply with the security policies and procedures of the covered entity or business associate. Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-gcp-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 164.308(a)(1)(ii) Implementation specifications.
Run this benchmark in your terminal:
powerpipe benchmark run gcp_compliance.benchmark.hipaa_164_308_a_1_ii
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run gcp_compliance.benchmark.hipaa_164_308_a_1_ii --share
Controls
- Ensure that Cloud Audit Logging is configured properly across all services and all users from a project
- Ensure that Cloud DNS logging is enabled for all VPC networks