Implement infra hipaa features table

gruntwork-io · Jul 29, 2021 · 3afc7ed · 3afc7ed
1 parent 004b188
commit 3afc7ed
Show file tree

Hide file tree

Showing 5 changed files with 185 additions and 3 deletions.
diff --git a/_data/hipaa-infrastructure.yml b/_data/hipaa-infrastructure.yml
@@ -0,0 +1,109 @@
+features:
+  - title: Protection from malicious software
+    standard: §164.308(a)(5)(ii)(B)
+    description: Least-privilege-based security group rules, network access control lists, regularly updated machine images, hardened operating systems, and more.
+    ref_arch_base: "yes"
+    ref_arch_cis: "yes"
+    ref_arch_hipaa: "yes"
+
+  - title: CIS hardened base images
+    description: Virtual images hardened in accordance with the CIS Benchmarks, a set of internationally recognized secure configuration guidelines.
+    ref_arch_base: "no"
+    ref_arch_cis: "yes"
+    ref_arch_hipaa: "yes"
+
+  - title: Anti-virus
+    description: Real-time protection against viruses, spyware and malware.
+    ref_arch_base: "no"
+    ref_arch_cis: "no"
+    ref_arch_hipaa: "yes"
+
+  - title: File integrity monitoring
+    description: Checks for changes to critical files and notifies on them. HIPAA requires that companies employ file integrity monitoring to ensure complete visibility into their systems.
+    ref_arch_base: "no"
+    ref_arch_cis: "no"
+    ref_arch_hipaa: "soon"
+
+  - title: Log in monitoring
+    standard: §164.308(a)(5)(ii)(C)
+    description: We include code to monitor for and send notifications about unusual and unauthorized log in activity.
+    ref_arch_base: "yes"
+    ref_arch_cis: "yes"
+    ref_arch_hipaa: "yes"
+
+  - title: Password management
+    standard: §164.308(a)(5)(ii)(D)
+    description: The AWS IAM user password policy is defined in code. We also provide patterns for handling secrets securely.
+    ref_arch_base: "yes"
+    ref_arch_cis: "yes"
+    ref_arch_hipaa: "yes"
+
+  - title: Encryption
+    standard: §164.312(a)(2)(iv)
+    description: Our modules use encryption by default. Databases, disk volumes, S3 buckets, and machine images are all encrypted. Network connections are encrypted.
+    ref_arch_base: "yes"
+    ref_arch_cis: "yes"
+    ref_arch_hipaa: "yes"
+
+  - title: Audit controls
+    standard: §164.312(b)
+    description: Audit data from multiple levels in the infrastructure are aggregated in a dedicated, compartmentalized logging account, including AWS Config, CloudTrail, GuardDuty, and VPC flow logs.
+    ref_arch_base: "yes"
+    ref_arch_cis: "yes"
+    ref_arch_hipaa: "yes"
+
+  - title: Authorization
+    standard: §164.308(a)(4)(ii)(B)
+    description: All user access is tracked in code, including users and a pre-defined set of roles and groups.
+    ref_arch_base: "yes"
+    ref_arch_cis: "yes"
+    ref_arch_hipaa: "yes"
+
+  - title: Inventory and categorize systems
+    standard: §164.308(a)(1)(ii)(A)
+    description: We've devised a system of resource tags to help you perform live reports on which system contain PHI.
+    ref_arch_base: "yes"
+    ref_arch_cis: "yes"
+    ref_arch_hipaa: "yes"
+
+  - title: Conduct a risk assessment
+    standard: §164.308(a)(1)(ii)(A)
+    description: We have conducted a risk assessment for all of the infrastructure code, including a threat analysis, list of potential vulnerabilities, and a security control review, all wrapped up in a risk assessment report.
+    ref_arch_base: "yes"
+    ref_arch_cis: "yes"
+    ref_arch_hipaa: "yes"
+
+  - title: Update risk assessments
+    standard: §164.308(a)(1)(ii)(A)
+    description: Gruntwork will help you keep your infrastructure up-to-date, and we'll update the risk assesssment as we go.
+    ref_arch_base: "yes"
+    ref_arch_cis: "yes"
+    ref_arch_hipaa: "yes"
+
+  - title: Select appropriate security controls
+    standard: §164.308(a)(1)(ii)(B)
+    description: We have built-in controls to mitigate the risks identified by the assessment. We provide documentation and procedures to help you understand and operate the environment accordingly.
+    ref_arch_base: "yes"
+    ref_arch_cis: "yes"
+    ref_arch_hipaa: "yes"
+
+  - title: Access control
+    standard: §164.308(a)(4)(ii)(C)
+    description: We include code that regularly monitors user access and sends a notification when unused accounts are detected.
+    ref_arch_base: "yes"
+    ref_arch_cis: "yes"
+    ref_arch_hipaa: "yes"
+
+  - title: Policy violations
+    standard: §164.308(a)(1)(ii)(C)
+    description: You'll need documented policies and processes that lay out what individual actions will be taken if HIPAA safeguards are violated.
+    ref_arch_base: "yes"
+    ref_arch_cis: "yes"
+    ref_arch_hipaa: "yes"
+
+  - title: Assign responsibility for security
+    standard: §164.308(a)(2)
+    description: Identify an individual who is responsible for implementing the policies and procedures within the organization.
+    ref_arch_base: "yes"
+    ref_arch_cis: "yes"
+    ref_arch_hipaa: "yes"
diff --git a/pages/landing/hipaa/technical-details/_availability-table-cell-infra.html b/pages/landing/hipaa/technical-details/_availability-table-cell-infra.html
@@ -0,0 +1,21 @@
+{% if pass == "yes" %}
+<img
+  style="max-width: 40px; margin: 10px"
+  src="/assets/img/table-icons/green-check.png"
+/><br />Available{% elsif pass == "soon" %}
+<img
+  style="max-width: 40px; margin: 10px"
+  src="/assets/img/table-icons/dotted-check.png"
+/><br />Coming soon {% elsif pass == "no" %}
+<img
+  style="max-width: 40px; margin: 10px"
+  src="/assets/img/table-icons/red-cross.png"
+/><br />Not included {% elsif pass == "user" %}
+<img
+  style="max-width: 40px; margin: 10px"
+  src="/assets/img/table-icons/user-circle.png"
+/><br />Customer Responsibility {% else %}
+<img
+  style="max-width: 40px; margin: 10px"
+  src="/assets/img/table-icons/red-cross.png"
+/>{{ pass }} {% endif %}
diff --git a/pages/landing/hipaa/technical-details/_availability-table-cell.html b/pages/landing/hipaa/technical-details/_availability-table-cell.html
@@ -10,11 +10,11 @@
 <img
   style="max-width: 40px; margin: 10px"
   src="/assets/img/table-icons/red-cross.png"
-/>Not included {% elsif pass == "user" %}
+/><br />Not included {% elsif pass == "user" %}
 <img
   style="max-width: 40px; margin: 10px"
   src="/assets/img/table-icons/user-circle.png"
-/>Customer Responsibility {% else %}
+/><br />Customer Responsibility {% else %}
 <img
   style="max-width: 40px; margin: 10px"
   src="/assets/img/table-icons/red-cross.png"

diff --git a/pages/landing/hipaa/technical-details/_infra-features-table.html b/pages/landing/hipaa/technical-details/_infra-features-table.html
@@ -0,0 +1,52 @@
+<style>
+  #hipaa.table tr:nth-child(odd) td:last-child {
+    background-color: rgb(31, 59, 82);
+  }
+  #hipaa.table tr:nth-child(even) td:last-child {
+    background-color: rgb(23, 51, 77);
+  }
+</style>
+<table class="table table-striped" id="hipaa">
+  <thead>
+    <tr>
+      <th>Requirement</th>
+      <th>Description</th>
+      <th>Gruntwork Standard</th>
+      <th>Gruntwork CIS</th>
+      <th>Gruntwork HIPAA</th>
+    </tr>
+  </thead>
+  <tbody>
+    {% for package in site.data.hipaa-infrastructure.features %} {% capture id
+    %}{{ package.requirement | replace: " ", "_" | replace: ")", "_" | replace:
+    "(", "_" }}" class="table-clickable-row" data-toggle="modal"
+    data-target="#modal-{{ package.name | replace: " ", "_" | replace: "(", "_"
+    | replace: ")", "_" }}{% endcapture %}
+    <tr>
+      <td style="width: 25%; color: white">{{ package.title }}</td>
+      <td>{{ package.description }}</td>
+      <td class="text-center">
+        <!-- Ref Arch Base -->
+        {% assign pass = package.ref_arch_base %} {% assign time =
+        package.ref_arch_base_time %} {% include_relative
+        _availability-table-cell-infra.html pass = pass time = time %}
+        <!-- End Ref Arch Base -->
+      </td>
+      <td class="text-center">
+        <!-- Ref Arch CIS -->
+        {% assign pass = package.ref_arch_cis %} {% assign time =
+        package.ref_arch_cis_time %} {% include_relative
+        _availability-table-cell-infra.html pass = pass time = time %}
+        <!-- End Ref Arch CIS -->
+      </td>
+      <td class="text-center">
+        <!-- Ref Arch HIPAA -->
+        {% assign pass = package.ref_arch_hipaa %} {% assign time =
+        package.ref_arch_hipaa_time %} {% include_relative
+        _availability-table-cell-infra.html pass = pass time = time %}
+        <!-- End Ref Arch HIPAA -->
+      </td>
+    </tr>
+    {% endfor %}
+  </tbody>
+</table>
diff --git a/pages/landing/hipaa/technical-details/_infra-more-details.html b/pages/landing/hipaa/technical-details/_infra-more-details.html
@@ -5,5 +5,5 @@ <h2>Supported Infrastructure features</h2>
 </p>
 
 <div class="section-dark">
-  <div class="container">{% include_relative _plans.html %}</div>
+  <div class="container">{% include_relative _infra-features-table.html %}</div>
 </div>