Benchmark: 164.312(e)(1) Transmission security
Description
Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.
Usage
Browse dashboards and select 164.312(e)(1) Transmission security:
steampipe dashboard
Or run the benchmarks in your terminal:
steampipe check aws_compliance.benchmark.hipaa_final_omnibus_security_rule_2013_164_312_e_1
Snapshot and share results via Steampipe Cloud:
steampipe login
steampipe check --share aws_compliance.benchmark.hipaa_final_omnibus_security_rule_2013_164_312_e_1
Controls
- ACM certificates should not expire within 30 days
- API Gateway stage should use an SSL certificate
- API Gateway stage cache encryption at rest should be enabled
- Auto Scaling launch config public IP should be disabled
- CloudFront distributions should require encryption in transit
- DMS replication instances should not be publicly accessible
- EBS snapshots should not be publicly restorable
- EC2 instances should be in a VPC
- EC2 instances should not have a public IP address
- ELB application load balancers should drop HTTP headers
- ELB application load balancers should redirect HTTP requests to HTTPS
- ELB classic load balancers should use SSL certificates
- ELB classic load balancers should only use SSL or HTTPS listeners
- EMR cluster master nodes should not have public IP addresses
- ES domains should be in a VPC
- Elasticsearch domain node-to-node encryption should be enabled
- Lambda functions should be in a VPC
- Lambda functions should restrict public access
- OpenSearch domains node-to-node encryption should be enabled
- RDS DB instances should prohibit public access
- RDS snapshots should prohibit public access
- Redshift cluster encryption in transit should be enabled
- AWS Redshift enhanced VPC routing should be enabled
- Redshift clusters should prohibit public access
- S3 buckets should prohibit public read access
- S3 buckets should prohibit public write access
- S3 public access should be blocked at bucket levels
- SageMaker notebook instances should not have direct internet access
- SSM documents should not be public
- VPC default security group should not allow inbound and outbound traffic
- VPC route table should restrict public access to IGW
- VPC security groups should restrict ingress access on ports 20, 21, 22, 3306, 3389, 4333 from 0.0.0.0/0
- VPC security groups should restrict ingress SSH access from 0.0.0.0/0
- VPC security groups should restrict ingress TCP and UDP access from 0.0.0.0/0
- VPC subnet auto assign public IP should be disabled