CloudWiki

The Health Insurance Portability and Accountability Act (HIPAA) is a United States federal law whose implementing rules (the Privacy, Security and Breach Notification Rules) govern the lawful use and disclosure of protected health information (PHI). The Department of Health and Human Services (HHS) issues those rules, and its Office for Civil Rights (OCR) enforces them. There is no HIPAA certification for a cloud environment: the checks below cover technical safeguards that support compliance for PHI workloads on AWS, and passing them does not by itself make an account compliant.

Compliance checks for Amazon Web Services

| Severity | Check |
| --- | --- |
| Warning | Ensure Kinesis Data Streams server-side encryption is enabled |
| Critical | Ensure the root user has MFA enabled |
| Critical | Ensure no root account access key exists |
| Info | Ensure EKS cluster endpoint private access is enabled |
| Critical | Ensure SageMaker notebook data is encrypted |
| Warning | Ensure SageMaker notebook direct internet access is disabled |
| Warning | Ensure EBS snapshots are encrypted |
| Warning | Ensure EMR clusters are encrypted in transit and at rest |
| Warning | Ensure IAM password policy requires minimum length of 14 or greater |
| Warning | Ensure IAM password policy requires at least one symbol |
| Warning | Ensure IAM password policy requires at least one uppercase letter |
| Warning | Ensure IAM password policy requires at least one number |
| Warning | Ensure IAM password policy prevents password reuse |
| Warning | Ensure security groups do not have ingress open to any (0.0.0.0/0) |
| Warning | Ensure S3 buckets are configured with "Block public access" |
| Warning | Ensure CloudFront distributions use a security policy with minimum TLSv1.1 or TLSv1.2 |
| Warning | Ensure VPC flow logging is enabled in all VPCs |
| Warning | Ensure CloudFront distributions enforce HTTPS for data in transit |
| Warning | Ensure communication between CloudFront distributions and their origins is encrypted using HTTPS |
| Critical | Ensure ElastiCache Redis clusters are encrypted in transit |
| Critical | Ensure ElastiCache Redis clusters are encrypted at rest |
| Warning | Ensure CloudFront distributions do not use insecure SSL protocols |
| Warning | Ensure IAM users have no inline policies |
| Critical | Ensure all IAM users with console access have MFA enabled |
| Info | Resource has access to an S3 bucket |
| Warning | Ensure CloudTrail logs are encrypted at rest |
| Warning | Ensure EBS volumes are encrypted |
| Critical | Ensure the S3 bucket for CloudTrail logs is not publicly accessible |
| Warning | Ensure EKS cluster endpoint public access is disabled |
| Warning | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket |
| Warning | Ensure SQS queues are encrypted at rest |
| Warning | Ensure SNS topics are encrypted at rest |
| Warning | Ensure S3 buckets have server access logging enabled to track access requests |
| Warning | Ensure data stored in S3 buckets is encrypted at rest |
| Warning | Ensure CloudFront web distributions enforce field-level encryption |
| Critical | Ensure RDS database instances have storage encryption enabled |
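The following is an added example, not part of the CloudWiki page or of any CloudWiki tooling, showing how several of the IAM and network checks above are evaluated in practice. The input dicts mirror the shape of the boto3 responses `iam.get_account_password_policy()['PasswordPolicy']`, `iam.get_account_summary()['SummaryMap']` and `ec2.describe_security_groups()['SecurityGroups']`, but they are constructed inline so the script runs without AWS credentials; point the same functions at live responses to run them against an account. The `Finding` record and the `check_*` function names are this example's own.

```python
"""Offline evaluation of several of the AWS HIPAA checks listed above.

Added example. The sample dicts mirror boto3 response shapes but are
constructed here, not read from a real account; Finding and the check_*
functions are this example's own names.
"""
from dataclasses import dataclass
from typing import Any, Optional

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}   # IPv4 and IPv6 "anywhere"


@dataclass(frozen=True)
class Finding:
    check: str       # check name as listed in the table
    severity: str    # severity as listed in the table
    passed: bool
    detail: str      # attribute value the verdict was based on


def check_password_policy(policy: Optional[dict[str, Any]]) -> list[Finding]:
    """The five IAM password-policy checks. `policy` is the PasswordPolicy dict,
    or None when the account has no custom policy (boto3 raises
    NoSuchEntityException there), which fails every rule."""
    p = policy or {}
    length = p.get("MinimumPasswordLength", 0)
    reuse = p.get("PasswordReusePrevention", 0)   # key is absent when unset
    rules = [
        ("Ensure IAM password policy requires minimum length of 14 or greater",
         length >= 14, f"MinimumPasswordLength={length}"),
        ("Ensure IAM password policy requires at least one symbol",
         bool(p.get("RequireSymbols")), f"RequireSymbols={p.get('RequireSymbols', False)}"),
        ("Ensure IAM password policy requires at least one uppercase letter",
         bool(p.get("RequireUppercaseCharacters")),
         f"RequireUppercaseCharacters={p.get('RequireUppercaseCharacters', False)}"),
        ("Ensure IAM password policy requires at least one number",
         bool(p.get("RequireNumbers")), f"RequireNumbers={p.get('RequireNumbers', False)}"),
        ("Ensure IAM password policy prevents password reuse",
         reuse >= 1, f"PasswordReusePrevention={reuse}"),
    ]
    return [Finding(name, "Warning", ok, detail) for name, ok, detail in rules]


def check_root_account(summary: dict[str, int]) -> list[Finding]:
    """Root MFA and root access-key checks from the SummaryMap counters."""
    mfa = summary.get("AccountMFAEnabled", 0)
    keys = summary.get("AccountAccessKeysPresent", 0)
    return [
        Finding("Ensure the root user has MFA enabled", "Critical", mfa == 1,
                f"AccountMFAEnabled={mfa}"),
        Finding("Ensure no root account access key exists", "Critical", keys == 0,
                f"AccountAccessKeysPresent={keys}"),
    ]


def open_ingress_rules(security_groups: list[dict[str, Any]]) -> list[tuple]:
    """(GroupId, protocol, from_port, to_port, cidr) for every ingress rule whose
    source is the whole IPv4 or IPv6 internet. IpProtocol '-1' is AWS's
    'all traffic' and carries no port fields, so ports come back as None."""
    hits = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
            cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if cidr in WORLD_CIDRS:
                    hits.append((sg["GroupId"], perm.get("IpProtocol"),
                                 perm.get("FromPort"), perm.get("ToPort"), cidr))
    return hits


def check_security_groups(security_groups: list[dict[str, Any]]) -> Finding:
    hits = open_ingress_rules(security_groups)
    ports = lambda fp, tp: "all" if fp is None else f"{fp}-{tp}"
    detail = "; ".join(f"{g} {proto} {ports(fp, tp)} from {cidr}"
                       for g, proto, fp, tp, cidr in hits) or "no world-open ingress"
    return Finding("Ensure security groups do not have ingress open to any (0.0.0.0/0)",
                   "Warning", not hits, detail)


# Constructed sample responses (not from a real account): a weak password policy,
# a root user with no MFA and an access key, a bastion open to the world on SSH
# and on all traffic, and one correctly scoped database group.
WEAK_PASSWORD_POLICY = {"MinimumPasswordLength": 8, "RequireSymbols": False,
                        "RequireNumbers": True, "RequireUppercaseCharacters": False}
STRONG_PASSWORD_POLICY = {"MinimumPasswordLength": 14, "RequireSymbols": True,
                          "RequireNumbers": True, "RequireUppercaseCharacters": True,
                          "PasswordReusePrevention": 24}
ROOT_SUMMARY = {"AccountMFAEnabled": 0, "AccountAccessKeysPresent": 1}
SECURITY_GROUPS = [
    {"GroupId": "sg-0aaaaaaaaaaaaaaaa", "GroupName": "bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bbbbbbbbbbbbbbbb", "GroupName": "db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
]


def evaluate_all() -> list[Finding]:
    """Run every check over the sample data; failures first, Critical before Warning."""
    findings = (check_password_policy(WEAK_PASSWORD_POLICY)
                + check_root_account(ROOT_SUMMARY)
                + [check_security_groups(SECURITY_GROUPS)])
    order = {"Critical": 0, "Warning": 1, "Info": 2}
    return sorted(findings, key=lambda f: (f.passed, order.get(f.severity, 3)))


if __name__ == "__main__":
    for f in evaluate_all():
        print(f"{'PASS' if f.passed else 'FAIL'} {f.severity:8} {f.check}  [{f.detail}]")
```

Two details matter when wiring this to live calls: a missing password policy surfaces as an exception rather than an empty dict, so treat `NoSuchEntityException` as "every rule fails", and security-group rules with `IpProtocol` `-1` have no `FromPort`/`ToPort`, so a scanner that only matches on port 22 or 3389 will miss an all-traffic rule open to the world.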