Automated Security Controls and Compliance Monitoring for the Public Cloud
Dash Continuous Compliance Monitoring provides security teams with an innovative process for building and enforcing security policies and controls across your public cloud environments.
Dash automatically monitors and scans your IT infrastructure for security issues related to compliance standards including HIPAA, SOC 2, and NIST 800-53. Utilize Dash to execute on your security program and ensure security compliance in the public cloud.
Create administrative policies and controls by answering plain-English questions. These policy controls are connected into Dash monitoring and technical enforcement.
Set technical security controls across all of your AWS cloud services so you can easily manage compliance across your entire cloud environment.
Dash continuously scans and monitors all of your AWS cloud services. Teams can view findings, receive security alerts and resolve all potential compliance issues.
Detect and identify cloud security and compliance issues with Dash.
Dash makes it easy for teams to monitor and detect security and compliance issues across your cloud environments.
Dash gives organizations a view into their current state of compliance in the cloud. Healthcare organizations can view and respond to HIPAA, SOC 2, and NIST compliance issues and gain insight into compliance issues including:
Dash alerts you when there are issues related to cloud security groups, available ports and other network concerns.
Dash provides alerts and recommendations for resolving issues with unencrypted cloud services.
Dash provides recommendations for backup and disaster recovery settings that your team should implement in your cloud environment.
Dash notifies you when your team utilizes AWS services that fall outside the scope of Amazon’s Business Associates Agreement (BAA).
Dash gives your team recommendations for AWS audit log configuration, so you can track system integrity.
Dash notifies you whenever your organization must conduct risk assessments, reviews, or other tasks related to Dash Administrative Policies.
Resolve cloud security issues with a single click.
Dash gives security teams the ability to take action on compliance issues in the environment. Fix compliance issues with one click or via CLI commands.
Dash provides teams with “click-to-fix” solutions for handling security and compliance issues in AWS. Enable security features and fix vulnerable resources with one click.
For DevOps staff utilizing the command line, Dash provides the AWS CLI commands for performing all security configuration changes in AWS.
In case of configuration issues, Dash provides options for instantly reverting all performed remediations and configuration changes.
Dash configures, monitors, and remediates compliance issues within your organization’s cloud services. Below are some examples of HIPAA and SOC 2 security controls that are enforced and monitored across cloud services:
Unencrypted EBS Volumes – 164.312(a)(2)(iv) Encryption and Decryption
Security Groups With All Ports Open To Public – 164.312(c)(1) Integrity + 164.312(e)(1) Transmission Security
Security Group Allows Unrestricted Network Traffic – 164.312(c)(1) Integrity + 164.312(e)(1) Transmission Security
Security Groups Opens DB Ports To Public – 164.312(c)(1) Integrity
Security Groups Opens SSH, FTP, SMTP Ports To Public – 164.312(c)(1) Integrity
Root Account In Use – 164.312(a)(2)(i) Unique User Identification
Password Reuse Is Allowed – 164.308(a)(5)(ii)(D) Password Management
Password Standards Are Insecure – 164.308(a)(5)(ii)(D) Password Management
User Access Keys Rotation Is Disabled – 164.312(a)(1) Access Control
IAM Inline Policies Are In Use – 164.312(c)(1) Integrity + 164.312(e)(2)(i) Integrity Controls
IAM NotActions Are In Use – 164.312(c)(1) Integrity
IAM AssumeRole Is Misconfigured – 164.312(c)(1) Integrity
S3 Bucket Does Not Have Encryption Enabled – 164.312(a)(2)(iv) Encryption and Decryption
S3 Bucket Does Not Have Versioning Enabled – 164.308(a)(7)(ii)(A) Data Backup Plan
S3 Bucket Does Not Have Logging Enabled – 164.312(b) Audit Controls
S3 Bucket Is Readable By All (Public) – 164.312(d) Person or Entity Authentication
S3 Bucket Is Writable By All (Public) – 164.312(d) Person or Entity Authentication
Additional services and scans included in Dash ComplyOps.
Unencrypted EBS Volumes – CC6.6 Protect Against Threats From Outside Sources + PI1.5 Protects Stored Items
Security Groups With All Ports Open To Public – CC6.6 Protect Against Threats From Outside Sources + PI1.5 Protects Stored Items
Security Group Allows Unrestricted Network Traffic – CC6.6 Protect Against Threats From Outside Sources + PI1.5 Protects Stored Items
Security Groups Opens DB Ports To Public – CC6.6 Protect Against Threats From Outside Sources + PI1.5 Protects Stored Items
Security Groups Opens SSH, FTP, SMTP Ports To Public – CC6.6 Implements Logical Access Security + PI1.5 Protects Stored Items
Root Account In Use – CC6.1 Restricts Logical Access
Password Reuse Is Allowed – CC6.2 Controls Access Credentials to Protected Assets
Password Standards Are Insecure – CC6.2 Controls Access Credentials to Protected Assets
User Access Keys Rotation Is Disabled – CC6.1 Restricts Logical Access + CC6.2 Controls Access Credentials to Protected Assets
IAM Inline Policies Are In Use – CC6.1 Restricts Logical Access + CC6.2 Controls Access Credentials to Protected Assets
IAM NotActions Are In Use – CC6.3 Entity Authorizes Based on Roles/Responsibilities + CC6.6 Protect Against Threats From Outside Sources
IAM AssumeRole Is Misconfigured – CC6.3 Entity Authorizes Based on Roles/Responsibilities + CC6.6 Protect Against Threats From Outside Sources
S3 Bucket Does Not Have Encryption Enabled – CC6.1 Restricts Logical Access/Uses Encryption To Protect Data
S3 Bucket Does Not Have Versioning Enabled – A1.2 Performs Data Backup
S3 Bucket Does Not Have Logging Enabled – CC7.2 Monitors System Components
S3 Bucket Is Readable By All (Public) – CC6.1 Restricts Logical Access
S3 Bucket Is Writable By All (Public) – CC6.1 Restricts Logical Access
Additional services and scans included in Dash ComplyOps.
Build HIPAA/SOC 2/NIST compliant services on all 100+ AWS services. Dash provides the monitoring and security controls required to maintain compliance in the public cloud. Administrative policies created by your organization are connected into monitoring and allow your team to set a well-defined security plan for HIPAA, SOC 2, and NIST compliance management.
Dash works alongside Amazon Web Service agreements and protections so your team can maintain high security and compliance standards.
Utilizing Dash and AWS allows your organization to pay for only the services you need and scale up services at any time.
Configure, monitor, and maintain HIPAA and SOC 2 compliance in AWS.