Dash Continuous Compliance Monitoring

Automated HIPAA Controls and Compliance Monitoring for the Public Cloud

Identify Compliance Issues

Detect and identify cloud security and compliance issues with Dash

Dash gives organizations a view into their current state of compliance in the cloud. Healthcare organizations can view and respond to HIPAA compliance issues and gain insight into areas including:

Networking Issues

Dash alerts you when there are issues related to cloud security groups, available ports and other network concerns.

AWS Covered Services

Dash notifies you when your team uses AWS services that are not covered by Amazon’s Business Associates Agreement (BAA).

Encryption Settings

Dash provides alerts and recommendations for resolving issues with unencrypted cloud services.

Log Management

Dash gives your team recommendations for AWS audit log configuration, so you can track system integrity.

Backup and Disaster Recovery

Dash provides recommendations for backup and disaster recovery settings that your team should implement in your cloud environment.

Policy & Administrative Issues

Dash notifies you whenever your organization must conduct risk assessments, reviews, or other tasks related to Dash Administrative Policies.

Set Up Continuous Compliance Monitoring In Your AWS Environment

Policy Driven Compliance

Create administrative policies and controls by answering plain-English questions. These policy controls are connected to Dash technical controls and monitoring.

Automated Security Controls

Set security controls across all of your AWS cloud services, so you can easily manage HIPAA compliance across your entire cloud environment.

Scan Across Your Cloud Services

Dash continuously scans and monitors all of your AWS cloud services. Teams can view findings, receive security alerts and resolve all potential HIPAA compliance issues.

Resolve Compliance Issues

Fix vulnerable resources and resolve compliance issues with one click

Dash gives security teams the ability to take action on compliance issues in the environment. Fix compliance issues with one click or via CLI commands.

Click-To-Fix Remediation

Dash provides teams with “click-to-fix” solutions for handling security and compliance issues in AWS. Enable security features and fix vulnerable resources with one click.

CLI Remediation

For DevOps staff utilizing the command line, Dash provides the AWS CLI commands for performing all security configuration changes in AWS. 

Rollback Changes

In case of configuration issues, Dash provides options for instantly reverting all performed remediations and configuration changes.

Detect Security & Compliance Issues

Dash configures, monitors, and remediates compliance issues within your organization’s cloud services. Below are some examples of HIPAA security controls that are enforced and monitored for AWS services:

Unencrypted EBS Volumes – 164.312(a)(2)(iv) Encryption and Decryption
Security Groups With All Ports Open To Public – 164.312(c)(1) Integrity + 164.312(e)(1) Transmission Security
Security Group Allows Unrestricted Network Traffic – 164.312(c)(1) Integrity + 164.312(e)(1) Transmission Security
Security Groups Opens DB Ports To Public – 164.312(c)(1) Integrity
Security Groups Opens SSH, FTP, SMTP Ports To Public – 164.312(c)(1) Integrity

Root Account In Use – 164.312(a)(2)(i) Unique User Identification
Password Reuse Is Allowed – 164.308(a)(5)(ii)(D) Password Management
Password Standards Are Insecure – 164.308(a)(5)(ii)(D) Password Management
User Access Keys Rotation Is Disabled – 164.312(a)(1) Access Control
IAM Inline Policies Are In Use – 164.312(c)(1) Integrity + 164.312(e)(2)(i) Integrity Controls
IAM NotActions Are In Use – 164.312(c)(1) Integrity
IAM AssumeRole Is Misconfigured – 164.312(c)(1) Integrity

S3 Bucket Does Not Have Encryption Enabled – 164.312(a)(2)(iv) Encryption and Decryption
S3 Bucket Does Not Have Versioning Enabled – 164.308(a)(7)(ii)(A) Data Backup Plan
S3 Bucket Does Not Have Logging Enabled – 164.312(b) Audit Controls
S3 Bucket Is Readable By All (Public) – 164.312(d) Person or Entity Authentication
S3 Bucket Is Writable By All (Public) – 164.312(d) Person or Entity Authentication

Download Our Guide To Managing Compliance in AWS

Make Any Cloud Service HIPAA Compliant

Build HIPAA compliant services on all 100+ AWS services. Dash provides the monitoring and security controls required to maintain HIPAA compliance in the public cloud. Administrative policies created by your organization are connected to monitoring and allow your team to set a well-defined security plan for HIPAA compliance management.

High Security Standards

Dash works alongside Amazon Web Services agreements and protections so your team can maintain high security and compliance standards.

Instantly Scalable

Using Dash and AWS allows your organization to pay for only the services you need and scale up services at any time.

Streamline HIPAA Compliance In Your Cloud

Configure, monitor, and maintain HIPAA compliance in AWS.