Dash Continuous Compliance Monitoring
Automated Security Controls and Compliance Monitoring for the Public Cloud
Tour Dash ComplyOps:
Advanced Compliance Automation
Dash Continuous Compliance Monitoring provides security teams with an innovative process for building and enforceing security policies and controls across your public cloud environments.
Dash automatically monitors and scans your IT infrastructure for security issues related to compliance standards including HIPAA, SOC 2, and NIST 800-53. Utilize Dash to execute on your security program and ensure security compliance in the public cloud.
Policy Driven Compliance
Create administrative policies and controls by answering plain-English questions. These policy controls are connected into Dash monitoring and technical enforcement.
Automated Security Controls
Set technical security controls across all of your AWS cloud services. So you can easily manage compliance across your entire cloud environment.
Scan Across Your Cloud Services
Dash continuously scans and monitors all of your AWS cloud services. Teams can view findings, receive security alerts and resolve all potential compliance issues.
The Dash Continuous Compliance Process
Identify Compliance Issues
Detect and identify cloud security and compliance issues with Dash.
Dash makes it easy for teams to monitor and detect security and compliance issues across your cloud environments.
Dash gives organizations a view into their current state of compliance in the cloud. Healthcare organizations can view and respond to HIPAA, SOC 2, and NIST compliance issues and gain insight into compliance issues including:
Networking Issues
Dash alerts you when there are issues related to cloud security groups, available ports and other network concerns.
Encryption Settings
Dash provides alerts and recommendations for resolving issues with unencrypted cloud services.
Backup and Disaster Recovery
Dash provides recommendations for backup and disaster recovery settings that your team should implement in your cloud environment.
AWS Covered Services
Dash notifies you when your team utilizes AWS services that are out of the realm of Amazon’s Business Associates Agreement (BAA).
Log Management
Dash gives your team recommendations for AWS audit log configuration, so you can track system integrity.
Policy & Administrative Issues
Dash notifies you whenever your organization must conduct risk assessments, reviews, or other tasks related to Dash Administrative Policies.
Setup Continuous Compliance Monitoring In Your AWS Environment
Resolve Compliance Issues
Resolve cloud security issues with a single click.
Dash gives security teams the ability to take action on compliance issues in the environment. Fix compliance issues with one click or via CLI commands.
Click-To-Fix Remediation
Dash provides teams with “click-to-fix” solutions for handling security and compliance issues in AWS. Enable security features and fix vulnerable resources with one click.
CLI Remediation
For DevOps staff utilizing the command line, Dash provides the AWS CLI commands for performing all security configuration changes in AWS.
Rollback Changes
In-case of configuration issues, Dash provides options for instantly reverting all performed remediations and configuration changes.
Detect Security & Compliance Issues
Dash configures, monitors, and remediates compliance issues within your organization’s cloud services. Below are some examples of HIPAA and SOC 2 security controls that are enforced and monitored across cloud services:
Amazon EC2
Unencrypted EBS Volumes – 164.312(a)(2)(iv) Encryption and Decryption
Security Groups With All Ports Open To Public – 164.312(c)(1) Integrity + 164.312(e)(1) Transmission Security
Security Group Allows Unrestricted Network Traffic – 164.312(c)(1) Integrity + 164.312(e)(1) Transmission Security
Security Groups Opens DB Ports To Public – 164.312(c)(1) Integrity
Security Groups Opens SSH, FTP, SMTP Ports To Public – 164.312(c)(1) Integrity
Amazon IAM
Root Account In Use – 164.312(a)(2)(i) Unique User Identification
Password Reuse Is Allowed – 164.308(a)(5)(ii)(D) Password Management
Password Standards Are Insecure – 164.308(a)(5)(ii)(D) Password Management
User Access Keys Rotation Is Disabled – 164.312(a)(1) Access Control
IAM Inline Policies Are In Use – 164.312(c)(1) Integrity + 164.312(e)(2)(i) Integrity Controls
IAM NotActions Are In Use – 164.312(c)(1) Integrity
IAM AssumeRole Is Misconfigured – 164.312(c)(1) Integrity
Amazon S3
S3 Bucket Does Not Have Encryption Enabled – 164.312(a)(2)(iv) Encryption and Decryption
S3 Bucket Does Not Have Versioning Enabled – 164.308(a)(7)(ii)(A) Data Backup Plan
S3 Bucket Does Not Have Logging Enabled – 164.312(b) Audit Controls
S3 Bucket Is Readable By All (Public) – 164.312(d) Person or Entity Authentication
S3 Bucket Is Writable By All (Public) – 164.312(d) Person or Entity Authentication
Additional services and scans included in Dash ComplyOps.
Amazon EC2
Unencrypted EBS Volumes – CC6.6 Protect Against Threats From Outside Sources + PI1.5 Protects Stored Items
Security Groups With All Ports Open To Public – CC6.6 Protect Against Threats From Outside Sources + PI1.5 Protects Stored Items
Security Group Allows Unrestricted Network Traffic –CC6.6 Protect Against Threats From Outside Sources + PI1.5 Protects Stored Items
Security Groups Opens DB Ports To Public – CC6.6 Protect Against Threats From Outside Sources + PI1.5 Protects Stored Items
Security Groups Opens SSH, FTP, SMTP Ports To Public – CC6.6 Implements Logical Access Security + PI1.5 Protects Stored Items
Amazon IAM
Root Account In Use – CC6.1 Restricts Logical Access
Password Reuse Is Allowed – CC6.2 Controls Access Credentials to Protected Assets
Password Standards Are Insecure – CC6.2 Controls Access Credentials to Protected Assets
User Access Keys Rotation Is Disabled – CC6.1 Restricts Logical Access + CC6.2 Controls Access Credentials to Protected Assets
IAM Inline Policies Are In Use – CC6.1 Restricts Logical Access + CC6.2 Controls Access Credentials to Protected Assets
IAM NotActions Are In Use – CC6.3 Entity Authorizes Based on Roles/Responsibilities + CC6.6 Protect Against Threats From Outside Sources
IAM AssumeRole Is Misconfigured – CC6.3 Entity Authorizes Based on Roles/Responsibilities + CC6.6 Protect Against Threats From Outside Sources
Amazon S3
S3 Bucket Does Not Have Encryption Enabled – CC6.1 Restricts Logical Access/Uses Encryption To Protect Data
S3 Bucket Does Not Have Versioning Enabled – A1.2 Performs Data Backup
S3 Bucket Does Not Have Logging Enabled – CC7.2 Monitors System Components
S3 Bucket Is Readable By All (Public) – CC6.1 Restricts Logical Access
S3 Bucket Is Writable By All (Public) – CC6.1 Restricts Logical Access
Additional services and scans included in Dash ComplyOps.
Download Our Guide To Managing Compliance in AWS
Make Any Cloud Service Compliant
Build HIPAA/SOC 2/NIST compliant services on all 100+ AWS services. Dash provides the monitoring and security controls required to maintain compliance in the public cloud. Administrative policies created by your organization are connected into monitoring and allow your team to set a well defined security plan for HIPAA, SOC 2, and NIST compliance management.
High Security Standards
Dash works alongside Amazon Web Service agreements and protections so your team can maintain high security and compliance standards.
Instantly Scalable
Utilizing Dash and AWS allows your organization to pay for only the services you need and scale up services at anytime.
Continue Dash ComplyOps Tour
Streamline Compliance In Your Cloud
Configure, monitor, and maintain HIPAA and SOC 2 compliance in AWS.