Compliance Monitoring Made Easy
Dash Continuous Compliance Monitoring enables organizations to detect and resolve compliance issues with ease.
Continuous Compliance Monitoring
Cloud Security Protections
Administrative Policies
Manage Your Cloud Security Program
Dash configures, monitors, and remediates compliance issues within your organization’s cloud services. Below are some examples of HIPAA security controls that are enforced and monitored for AWS services:
Amazon EC2
Detect and resolve compliance concerns related to Amazon EC2 Instances, Security Groups, and Volumes.
Unencrypted EBS Volumes – 164.312(a)(2)(iv) Encryption and Decryption
Security Groups With All Ports Open To Public – 164.312(c)(1) Integrity + 164.312(e)(1) Transmission Security
Security Group Allows Unrestricted Network Traffic – 164.312(c)(1) Integrity + 164.312(e)(1) Transmission Security
Security Groups Opens DB Ports To Public – 164.312(c)(1) Integrity
Security Groups Opens SSH, FTP, SMTP Ports To Public – 164.312(c)(1) Integrity
NIST SP 800-12 Rev 1 – An Introduction to Information Security
NIST SP 800-16 – Information Technology Security Training Requirements: a Role- and Performance-Based Model
NIST SP 800-18 Rev 1 – Guide for Developing Security Plans for Federal Information Systems
NIST SP 800-50 – Building an Information Technology Security Awareness and Training Program
NIST SP 800-107 Rev 1 – Recommendation for Applications Using Approved Hash Algorithms
NIST SP 800-61 Rev 2 – Computer Security Incident Handling Guide
NIST SP 800-83 Rev 1 – Guide to Malware Incident Prevention and Handling for Desktops and Laptops
NIST SP 800-106 – Randomized Hashing for Digital Signatures
Amazon IAM
Detect and resolve compliance concerns related to AWS password policies, IAM users, roles, and permissions.
Root Account In Use – 164.312(a)(2)(i) Unique User Identification
Password Reuse Is Allowed – 164.308(a)(5)(ii)(D) Password Management
Password Standards Are Insecure – 164.308(a)(5)(ii)(D) Password Management
User Access Keys Rotation Is Disabled – 164.312(a)(1) Access Control
IAM Inline Policies Are In Use – 164.312(c)(1) Integrity + 164.312(e)(2)(i) Integrity Controls
IAM NotActions Are In Use – 164.312(c)(1) Integrity
IAM AssumeRole Is Misconfigured – 164.312(c)(1) Integrity
Amazon S3
Detect and resolve compliance concerns related to S3 bucket access, encryption, and backup.
S3 Bucket Does Not Have Encryption Enabled – 164.312(a)(2)(iv) Encryption and Decryption
S3 Bucket Does Not Have Versioning Enabled – 164.308(a)(7)(ii)(A) Data Backup Plan
S3 Bucket Does Not Have Logging Enabled – 164.312(b) Audit Controls
S3 Bucket Is Readable By All (Public) – 164.312(d) Person or Entity Authentication
S3 Bucket Is Writable By All (Public) – 164.312(d) Person or Entity Authentication
Rapidly Build Your HIPAA Security Program
Trusted By Healthcare Innovators
From healthcare providers to software services and medical devices. You’re in good company.
Implement Your HIPAA Security Plan
Dash enables teams to plan and implement compliance safeguards and security controls including the following
Compliance Roles
Designate Security and Privacy Officer roles and define HIPAA compliance responsibilities within the organization.
Employee Training & Policies
Create policies for managing HIPAA requirements related to employee training and system access. Dictate access to PHI and sensitive data.
Audit Logging
Configure an audit logging solution and determine how logs are collected, reviewed, and accessed to meet HIPAA requirements.
Intrusion Detection
Implement and perform intrusion detection. Find malicious behavior and compliance issues before they become violations.
Risk Assessment & Review
Address HIPAA risk assessment and risk analysis requirements. Set review periods for gathering compliance information, reviewing safeguards, and handling reports.
Incident Response & Breach Notification
Create a standard operating procedure for responding to security incidents. Set policies for notifying customers and vendors of potential HIPAA security breaches.
Disaster Recovery
Setup a Disaster Recovery team and set Recovery Time Objectives (RTOs) for responding to application and service availability issues within your organization.
Data Encryption & Decryption
Set standard policies and technical controls for encrypting PHI data in-transit and at-rest on AWS.
Unlock The Cloud For Healthcare
Automate Your Organization’s HIPAA Security Program
©2019 Dash Solutions Inc. All Rights Reserved.