Automated Security & Compliance Controls

Build and enforce a robust security program for the public cloud.

Set Compliance And Security Controls For Your Environment

Dash gives organizations a view into their current state of compliance in the cloud. Healthcare organizations can detect security issues and resolve HIPAA compliance concerns including:

Set Compliance And Security Controls For Your Environment
Networking Issues

Dash alerts you when there are issues related to cloud security groups, available ports and other network concerns.

AWS Covered Services

Dash notifies you when your team utilizes AWS services that are out of the realm of Amazon’s Business Associates Agreement (BAA).

Encryption Settings

Dash provides alerts and recommendations for resolving issues with unencrypted cloud services.

Log Management

Dash gives your team recommendations for AWS audit log configuration, so you can track system integrity.

Backup and Disaster Recovery

Dash provides recommendations for backup and disaster recovery settings that your team should implement in your cloud environment.

Policy & Administrative Issues

Dash notifies you whenever your organization must conduct risk assessments, reviews, or other tasks related to Dash Administrative Policies.

Policy Driven Compliance

Create administrative policies and controls by answering plain-english questions. These policy controls are connected into Dash technical controls and monitoring.

Set Automated Compliance Controls

Set security controls across all of your AWS cloud services. So you can easily manage HIPAA compliance across your entire cloud environment.

Scan Across All Of Your Cloud Services

Dash continuously scans and monitors all services. Teams receive security alerts and remediation for all potential HIPAA compliance issues.

See How Dash Monitors Security Controls In AWS

Dash configures, monitors, and remediates compliance issues within your organization’s cloud services. Below are some examples of HIPAA security controls that are enforced and monitored for AWS services:

Unencrypted EBS Volumes – 164.312(a)(2)(iv) Encryption and Decryption
Security Groups With All Ports Open To Public – 164.312(c)(1) Integrity + 164.312(e)(1) Transmission Security
Security Group Allows Unrestricted Network Traffic – 164.312(c)(1) Integrity + 164.312(e)(1) Transmission Security
Security Groups Opens DB Ports To Public – 164.312(c)(1) Integrity
Security Groups Opens SSH, FTP, SMTP Ports To Public – 164.312(c)(1) Integrity

Root Account In Use – 164.312(a)(2)(i) Unique User Identification
Password Reuse Is Allowed – 164.308(a)(5)(ii)(D) Password Management
Password Standards Are Insecure – 164.308(a)(5)(ii)(D) Password Management
User Access Keys Rotation Is Disabled – 164.312(a)(1) Access Control
IAM Inline Policies Are In Use – 164.312(c)(1) Integrity + 164.312(e)(2)(i) Integrity Controls
IAM NotActions Are In Use – 164.312(c)(1) Integrity
IAM AssumeRole Is Misconfigured – 164.312(c)(1) Integrity

S3 Bucket Does Not Have Encryption Enabled – 164.312(a)(2)(iv) Encryption and Decryption
S3 Bucket Does Not Have Versioning Enabled – 164.308(a)(7)(ii)(A) Data Backup Plan
S3 Bucket Does Not Have Logging Enabled – 164.312(b) Audit Controls
S3 Bucket Is Readable By All (Public) – 164.312(d) Person or Entity Authentication
S3 Bucket Is Writable By All (Public) – 164.312(d) Person or Entity Authentication

Start Building HIPAA Compliant Applications

Fulfill HIPAA Requirements With Dash

Dash enables teams to plan and implement compliance safeguards and security controls including the following

Compliance Roles

Designate Security and Privacy Officer roles and define HIPAA compliance responsibilities within the organization.

Employee Training & Policies

Create policies for managing HIPAA requirements related to employee training and system access. Dictate access to PHI and sensitive data.

Audit Logging

Configure an audit logging solution and determine how logs are collected, reviewed, and accessed to meet HIPAA requirements.

Intrusion Detection

Implement and perform intrusion detection. Find malicious behavior and compliance issues before they become violations.

Risk Assessment & Review

Address HIPAA risk assessment and risk analysis requirements. Set review periods for gathering compliance information, reviewing safeguards, and handling reports.

Incident Response & Breach Notification

Create a standard operating procedure for responding to security incidents. Set policies for notifying customers and vendors of potential HIPAA security breaches.

Disaster Recovery

Setup a Disaster Recovery team and set Recovery Time Objectives (RTOs) for responding to application and service availability issues within your organization.

Data Encryption & Decryption

Set standard policies and technical controls for encrypting PHI data in-transit and at-rest on AWS.

Build And Manage A Robust Cloud Security Program

Trusted By Healthcare Innovators

From healthcare providers to software services and medical devices. You’re in good company.


Address HIPAA Requirements

Dash compliance controls are built around cloud computing and HIPAA safeguards such as

164.312(a)(2)(iv) Encryption and Decryption

Ensure that all cloud data volumes, cloud databases, and transmitted data is encrypted.

164.308(a)(7)(i) Protection from Malicious Software

Ensure that cloud network and security groups do not expose ports or access that may compromise PHI.

164.308(a)(4)(i) Information Access Management

Ensure that your company uses proper user roles and policies in AWS. Avoid HIPAA violations stemmed from access issues.

164.312(b) Audit Controls

Ensure that your organization’s logs are properly collected, aggregated, and analyzed.

164.308(a)(1)(ii)(A) Risk Analysis

Set procedures for conducting risk assessments. Receive alerts and notifications for remediating compliance issues.

164.310(a)(1) Facility Access Controls

Address physical security requirements utilizing Amazon Web Services safeguards provided under BAA.

Setup Cloud Controls and Continuous Compliance Monitoring For AWS

Cloud-Driven Compliance

Dash enables organizations to build a robust HIPAA security plan and security controls for Amazon Web Services and the public cloud.

AMI Deployed

Dash is deployed into your AWS Cloud account and allows teams to manage cloud services.

Utilize 100+ Cloud Services

Dash can be used alongside the hundreds of AWS cloud services to rapidly build, manage and get-to-market.

Cloud-Driven Compliance

Unlock The Cloud For Healthcare

Build and manage your HIPAA compliance with Dash