Dash Continuous Compliance Monitoring

Automated Security Controls and Compliance Monitoring for the Public Cloud

Advanced Compliance Automation

Dash Continuous Compliance Monitoring provides security teams with an innovative process for building and enforcing security policies and controls across your public cloud environments.

Dash automatically monitors and scans your IT infrastructure for security issues related to compliance standards including HIPAA, SOC 2, and NIST 800-53. Utilize Dash to execute on your security program and ensure security compliance in the public cloud.

Policy Driven Compliance

Create administrative policies and controls by answering plain-English questions. These policy controls are connected into Dash monitoring and technical enforcement.

Automated Security Controls

Set technical security controls across all of your AWS cloud services, so you can easily manage compliance across your entire cloud environment.

Scan Across Your Cloud Services

Dash continuously scans and monitors all of your AWS cloud services. Teams can view findings, receive security alerts and resolve all potential compliance issues.

The Dash Continuous Compliance Process

Identify Compliance Issues

Detect and identify cloud security and compliance issues with Dash.

Dash makes it easy for teams to monitor and detect security and compliance issues across your cloud environments.

Dash gives organizations a view into their current state of compliance in the cloud. Healthcare organizations can view and respond to HIPAA, SOC 2, and NIST compliance issues and gain insight into compliance issues including:

Networking Issues

Dash alerts you when there are issues related to cloud security groups, available ports and other network concerns.

Encryption Settings

Dash provides alerts and recommendations for resolving issues with unencrypted cloud services.

Backup and Disaster Recovery

Dash provides recommendations for backup and disaster recovery settings that your team should implement in your cloud environment.

AWS Covered Services

Dash notifies you when your team utilizes AWS services that are out of the realm of Amazon’s Business Associates Agreement (BAA).

Log Management

Dash gives your team recommendations for AWS audit log configuration, so you can track system integrity.

Policy & Administrative Issues

Dash notifies you whenever your organization must conduct risk assessments, reviews, or other tasks related to Dash Administrative Policies.

Set Up Continuous Compliance Monitoring In Your AWS Environment

Resolve Compliance Issues

Resolve cloud security issues with a single click.

Dash gives security teams the ability to take action on compliance issues in the environment. Fix compliance issues with one click or via CLI commands.

Click-To-Fix Remediation

Dash provides teams with “click-to-fix” solutions for handling security and compliance issues in AWS. Enable security features and fix vulnerable resources with one click.

CLI Remediation

For DevOps staff utilizing the command line, Dash provides the AWS CLI commands for performing all security configuration changes in AWS. 

Rollback Changes

In case of configuration issues, Dash provides options for instantly reverting all performed remediations and configuration changes.

Detect Security & Compliance Issues

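Dash configures, monitors, and remediates compliance issues within your organization’s cloud services. Below are some examples of security controls that are enforced and monitored across cloud services, listed first against HIPAA Security Rule citations (164.308 and 164.312) and then against SOC 2 criteria (CC, A, and PI series):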

Amazon EC2

Unencrypted EBS Volumes – 164.312(a)(2)(iv) Encryption and Decryption
Security Groups With All Ports Open To Public – 164.312(c)(1) Integrity + 164.312(e)(1) Transmission Security
Security Group Allows Unrestricted Network Traffic – 164.312(c)(1) Integrity + 164.312(e)(1) Transmission Security
Security Groups Opens DB Ports To Public – 164.312(c)(1) Integrity
Security Groups Opens SSH, FTP, SMTP Ports To Public – 164.312(c)(1) Integrity

Amazon IAM

Root Account In Use – 164.312(a)(2)(i) Unique User Identification
Password Reuse Is Allowed – 164.308(a)(5)(ii)(D) Password Management
Password Standards Are Insecure – 164.308(a)(5)(ii)(D) Password Management
User Access Keys Rotation Is Disabled – 164.312(a)(1) Access Control
IAM Inline Policies Are In Use – 164.312(c)(1) Integrity + 164.312(e)(2)(i) Integrity Controls
IAM NotActions Are In Use – 164.312(c)(1) Integrity
IAM AssumeRole Is Misconfigured – 164.312(c)(1) Integrity

Amazon S3

S3 Bucket Does Not Have Encryption Enabled – 164.312(a)(2)(iv) Encryption and Decryption
S3 Bucket Does Not Have Versioning Enabled – 164.308(a)(7)(ii)(A) Data Backup Plan
S3 Bucket Does Not Have Logging Enabled – 164.312(b) Audit Controls
S3 Bucket Is Readable By All (Public) – 164.312(d) Person or Entity Authentication
S3 Bucket Is Writable By All (Public) – 164.312(d) Person or Entity Authentication

Additional services and scans included in Dash ComplyOps.

Amazon EC2

Unencrypted EBS Volumes – CC6.6 Protect Against Threats From Outside Sources + PI1.5 Protects Stored Items
Security Groups With All Ports Open To Public – CC6.6 Protect Against Threats From Outside Sources + PI1.5 Protects Stored Items
Security Group Allows Unrestricted Network Traffic – CC6.6 Protect Against Threats From Outside Sources + PI1.5 Protects Stored Items
Security Groups Opens DB Ports To Public – CC6.6 Protect Against Threats From Outside Sources + PI1.5 Protects Stored Items
Security Groups Opens SSH, FTP, SMTP Ports To Public – CC6.6 Implements Logical Access Security + PI1.5 Protects Stored Items

Amazon IAM

Root Account In Use – CC6.1 Restricts Logical Access
Password Reuse Is Allowed – CC6.2 Controls Access Credentials to Protected Assets
Password Standards Are Insecure – CC6.2 Controls Access Credentials to Protected Assets
User Access Keys Rotation Is Disabled – CC6.1 Restricts Logical Access + CC6.2 Controls Access Credentials to Protected Assets
IAM Inline Policies Are In Use – CC6.1 Restricts Logical Access + CC6.2 Controls Access Credentials to Protected Assets
IAM NotActions Are In Use – CC6.3 Entity Authorizes Based on Roles/Responsibilities + CC6.6 Protect Against Threats From Outside Sources
IAM AssumeRole Is Misconfigured – CC6.3 Entity Authorizes Based on Roles/Responsibilities + CC6.6 Protect Against Threats From Outside Sources

Amazon S3

S3 Bucket Does Not Have Encryption Enabled – CC6.1 Restricts Logical Access/Uses Encryption To Protect Data
S3 Bucket Does Not Have Versioning Enabled – A1.2 Performs Data Backup
S3 Bucket Does Not Have Logging Enabled – CC7.2 Monitors System Components 
S3 Bucket Is Readable By All (Public) – CC6.1 Restricts Logical Access
S3 Bucket Is Writable By All (Public) – CC6.1 Restricts Logical Access

Additional services and scans included in Dash ComplyOps.

Download Our Guide To Managing Compliance in AWS

Make Any Cloud Service Compliant

Build HIPAA/SOC 2/NIST compliant services on all 100+ AWS services. Dash provides the monitoring and security controls required to maintain compliance in the public cloud. Administrative policies created by your organization are connected into monitoring and allow your team to set a well-defined security plan for HIPAA, SOC 2, and NIST compliance management.

High Security Standards

Dash works alongside Amazon Web Service agreements and protections so your team can maintain high security and compliance standards.

Instantly Scalable

Utilizing Dash and AWS allows your organization to pay for only the services you need and scale up services at any time.


Streamline Compliance In Your Cloud

Configure, monitor, and maintain HIPAA and SOC 2 compliance in AWS.