Commit
Implement infra hipaa features table
1 parent 004b188, commit 3afc7ed
Showing 5 changed files with 185 additions and 3 deletions.
@@ -0,0 +1,109 @@ | ||
features: | ||
- title: Protection from malicious software | ||
standard: §164.308(a)(5)(ii)(B) | ||
description: Least-privilege-based security group rules, network access control lists, regularly updated machine images, hardened operating systems, and more. | ||
ref_arch_base: "yes" | ||
ref_arch_cis: "yes" | ||
ref_arch_hipaa: "yes" | ||
|
||
- title: CIS hardened base images | ||
description: Virtual images hardened in accordance with the CIS Benchmarks, a set of internationally recognized secure configuration guidelines. | ||
ref_arch_base: "no" | ||
ref_arch_cis: "yes" | ||
ref_arch_hipaa: "yes" | ||
|
||
- title: Anti-virus | ||
description: Real-time protection against viruses, spyware and malware. | ||
ref_arch_base: "no" | ||
ref_arch_cis: "no" | ||
ref_arch_hipaa: "yes" | ||
|
||
- title: File integrity monitoring | ||
description: Checks for changes to critical files and notifies on them. HIPAA requires that companies employ file integrity monitoring to ensure complete visibility into their systems. | ||
ref_arch_base: "no" | ||
ref_arch_cis: "no" | ||
ref_arch_hipaa: "soon" | ||
|
||
- title: Log in monitoring | ||
standard: §164.308(a)(5)(ii)(C) | ||
description: We include code to monitor for and send notifications about unusual and unauthorized log in activity. | ||
ref_arch_base: "yes" | ||
ref_arch_cis: "yes" | ||
ref_arch_hipaa: "yes" | ||
|
||
- title: Password management | ||
standard: §164.308(a)(5)(ii)(D) | ||
description: The AWS IAM user password policy is defined in code. We also provide patterns for handling secrets securely. | ||
ref_arch_base: "yes" | ||
ref_arch_cis: "yes" | ||
ref_arch_hipaa: "yes" | ||
|
||
- title: Encryption | ||
standard: §164.312(a)(2)(iv) | ||
description: Our modules use encryption by default. Databases, disk volumes, S3 buckets, and machine images are all encrypted. Network connections are encrypted. | ||
ref_arch_base: "yes" | ||
ref_arch_cis: "yes" | ||
ref_arch_hipaa: "yes" | ||
|
||
- title: Audit controls | ||
standard: §164.312(b) | ||
description: Audit data from multiple levels in the infrastructure are aggregated in a dedicated, compartmentalized logging account, including AWS Config, CloudTrail, GuardDuty, and VPC flow logs. | ||
ref_arch_base: "yes" | ||
ref_arch_cis: "yes" | ||
ref_arch_hipaa: "yes" | ||
|
||
- title: Authorization | ||
standard: §164.308(a)(4)(ii)(B) | ||
description: All user access is tracked in code, including users and a pre-defined set of roles and groups. | ||
ref_arch_base: "yes" | ||
ref_arch_cis: "yes" | ||
ref_arch_hipaa: "yes" | ||
|
||
- title: Inventory and categorize systems | ||
standard: §164.308(a)(1)(ii)(A) | ||
description: We've devised a system of resource tags to help you perform live reports on which system contain PHI. | ||
ref_arch_base: "yes" | ||
ref_arch_cis: "yes" | ||
ref_arch_hipaa: "yes" | ||
|
||
- title: Conduct a risk assessment | ||
standard: §164.308(a)(1)(ii)(A) | ||
description: We have conducted a risk assessment for all of the infrastructure code, including a threat analysis, list of potential vulnerabilities, and a security control review, all wrapped up in a risk assessment report. | ||
ref_arch_base: "yes" | ||
ref_arch_cis: "yes" | ||
ref_arch_hipaa: "yes" | ||
|
||
- title: Update risk assessments | ||
standard: §164.308(a)(1)(ii)(A) | ||
description: Gruntwork will help you keep your infrastructure up-to-date, and we'll update the risk assesssment as we go. | ||
ref_arch_base: "yes" | ||
ref_arch_cis: "yes" | ||
ref_arch_hipaa: "yes" | ||
|
||
- title: Select appropriate security controls | ||
standard: §164.308(a)(1)(ii)(B) | ||
description: We have built-in controls to mitigate the risks identified by the assessment. We provide documentation and procedures to help you understand and operate the environment accordingly. | ||
ref_arch_base: "yes" | ||
ref_arch_cis: "yes" | ||
ref_arch_hipaa: "yes" | ||
|
||
- title: Access control | ||
standard: §164.308(a)(4)(ii)(C) | ||
description: We include code that regularly monitors user access and sends a notification when unused accounts are detected. | ||
ref_arch_base: "yes" | ||
ref_arch_cis: "yes" | ||
ref_arch_hipaa: "yes" | ||
|
||
- title: Policy violations | ||
standard: §164.308(a)(1)(ii)(C) | ||
description: You'll need documented policies and processes that lay out what individual actions will be taken if HIPAA safeguards are violated. | ||
ref_arch_base: "yes" | ||
ref_arch_cis: "yes" | ||
ref_arch_hipaa: "yes" | ||
|
||
- title: Assign responsibility for security | ||
standard: §164.308(a)(2) | ||
description: Identify an individual who is responsible for implementing the policies and procedures within the organization. | ||
ref_arch_base: "yes" | ||
ref_arch_cis: "yes" | ||
ref_arch_hipaa: "yes" |
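Review bot: the entries `CIS hardened base images`, `Anti-virus` and `File integrity monitoring` carry no `standard:` key while every other entry does; either add the HIPAA citation each one falls under or make the omission deliberate, noting that `_infra-features-table.html` in this same commit reads only `title` and `description`, so `standard` is currently never rendered for any entry. The file header for this hunk is not shown on the page, so the path cannot be checked against the `site.data.hipaa-infrastructure.features` lookup the table template performs; please confirm it is the matching `_data` file. Typos to fix in the descriptions: `assesssment` (Update risk assessments), `which system contain PHI` (systems), and `Log in monitoring` / `log in activity` (login).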
21 changes: 21 additions & 0 deletions
pages/landing/hipaa/technical-details/_availability-table-cell-infra.html
@@ -0,0 +1,21 @@ | ||
{% if pass == "yes" %} | ||
<img | ||
style="max-width: 40px; margin: 10px" | ||
src="/assets/img/table-icons/green-check.png" | ||
/><br />Available{% elsif pass == "soon" %} | ||
<img | ||
style="max-width: 40px; margin: 10px" | ||
src="/assets/img/table-icons/dotted-check.png" | ||
/><br />Coming soon {% elsif pass == "no" %} | ||
<img | ||
style="max-width: 40px; margin: 10px" | ||
src="/assets/img/table-icons/red-cross.png" | ||
/><br />Not included {% elsif pass == "user" %} | ||
<img | ||
style="max-width: 40px; margin: 10px" | ||
src="/assets/img/table-icons/user-circle.png" | ||
/><br />Customer Responsibility {% else %} | ||
<img | ||
style="max-width: 40px; margin: 10px" | ||
src="/assets/img/table-icons/red-cross.png" | ||
/>{{ pass }} {% endif %} |
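Review bot: the `{% else %}` fallback renders `{{ pass }}` beside a red cross with no label, so a typo in the data file such as `yse` would be displayed verbatim as a cross captioned `yse` rather than failing visibly; use a fixed label and pass the value through `escape` (`{{ pass | escape }}`) so an unexpected string from the data file cannot land in the page as raw markup. The partial also never reads the `time` variable that `_infra-features-table.html` passes in (`pass = pass time = time`), and the `user` / Customer Responsibility branch is not used by any entry in the data file; drop the dead parameter and branch, or add a comment saying what they are reserved for. Minor: `style="max-width: 40px; margin: 10px"` is repeated five times and belongs in a CSS class.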
52 changes: 52 additions & 0 deletions
pages/landing/hipaa/technical-details/_infra-features-table.html
@@ -0,0 +1,52 @@ | ||
<style> | ||
#hipaa.table tr:nth-child(odd) td:last-child { | ||
background-color: rgb(31, 59, 82); | ||
} | ||
#hipaa.table tr:nth-child(even) td:last-child { | ||
background-color: rgb(23, 51, 77); | ||
} | ||
</style> | ||
<table class="table table-striped" id="hipaa"> | ||
<thead> | ||
<tr> | ||
<th>Requirement</th> | ||
<th>Description</th> | ||
<th>Gruntwork Standard</th> | ||
<th>Gruntwork CIS</th> | ||
<th>Gruntwork HIPAA</th> | ||
</tr> | ||
</thead> | ||
<tbody> | ||
{% for package in site.data.hipaa-infrastructure.features %} {% capture id | ||
%}{{ package.requirement | replace: " ", "_" | replace: ")", "_" | replace: | ||
"(", "_" }}" class="table-clickable-row" data-toggle="modal" | ||
data-target="#modal-{{ package.name | replace: " ", "_" | replace: "(", "_" | ||
| replace: ")", "_" }}{% endcapture %} | ||
<tr> | ||
<td style="width: 25%; color: white">{{ package.title }}</td> | ||
<td>{{ package.description }}</td> | ||
<td class="text-center"> | ||
<!-- Ref Arch Base --> | ||
{% assign pass = package.ref_arch_base %} {% assign time = | ||
package.ref_arch_base_time %} {% include_relative | ||
_availability-table-cell-infra.html pass = pass time = time %} | ||
<!-- End Ref Arch Base --> | ||
</td> | ||
<td class="text-center"> | ||
<!-- Ref Arch CIS --> | ||
{% assign pass = package.ref_arch_cis %} {% assign time = | ||
package.ref_arch_cis_time %} {% include_relative | ||
_availability-table-cell-infra.html pass = pass time = time %} | ||
<!-- End Ref Arch CIS --> | ||
</td> | ||
<td class="text-center"> | ||
<!-- Ref Arch HIPAA --> | ||
{% assign pass = package.ref_arch_hipaa %} {% assign time = | ||
package.ref_arch_hipaa_time %} {% include_relative | ||
_availability-table-cell-infra.html pass = pass time = time %} | ||
<!-- End Ref Arch HIPAA --> | ||
</td> | ||
</tr> | ||
{% endfor %} | ||
</tbody> | ||
</table> |
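Review bot: the `{% capture id %}...{% endcapture %}` block is dead and malformed: it references `package.requirement` and `package.name`, neither of which exists in the data file (entries define `title`, `standard`, `description` and the three `ref_arch_*` keys), it contains an unbalanced `"` and stray `class="table-clickable-row"` / `data-toggle` / `data-target` fragments, and the captured `id` is never used because the `<tr>` below has no attributes. Remove it, or if the clickable-row modal is intended, build it from `package.title` and actually put the attributes on `<tr>`. Likewise `package.ref_arch_base_time`, `package.ref_arch_cis_time` and `package.ref_arch_hipaa_time` are not defined by any entry, so `time` is always nil; drop the three `{% assign time = ... %}` lines and the `time = time` include argument unless the data file is extended to carry them.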