Benchmark: 164.314(b)(2)(i)

Usage

Browse dashboards and select 164.314(b)(2)(i):

steampipe dashboard

Or run the benchmarks in your terminal:

steampipe check aws_compliance.benchmark.hipaa_final_omnibus_security_rule_2013_164_314_b_2_i

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share aws_compliance.benchmark.hipaa_final_omnibus_security_rule_2013_164_314_b_2_i

Controls

• CloudTrail trail logs should be encrypted with KMS CMK
• DynamoDB Accelerator (DAX) clusters should be encrypted at rest
• DynamoDB table should have encryption enabled
• Attached EBS volumes should have encryption enabled
• EBS default encryption should be enabled
• EKS clusters should be configured to have kubernetes secrets encrypted using KMS
• ELB classic load balancers should only use SSL or HTTPS listeners
• ES domain encryption at rest should be enabled
• Elasticsearch domain node-to-node encryption should be enabled
• OpenSearch domains should have encryption at rest enabled
• OpenSearch domains should use HTTPS
• OpenSearch domains node-to-node encryption should be enabled
• RDS DB instance encryption at rest should be enabled
• RDS DB snapshots should be encrypted at rest
• Redshift cluster encryption in transit should be enabled
• AWS Redshift clusters should be encrypted with KMS
• Redshift clusters should prohibit public access
• S3 bucket default encryption should be enabled
• S3 bucket default encryption should be enabled with KMS
• S3 buckets should enforce SSL
• S3 buckets should prohibit public read access
• S3 buckets should prohibit public write access
• S3 public access should be blocked at account level
• SageMaker endpoint configuration encryption should be enabled
• SageMaker notebook instance encryption should be enabled
• VPC should be configured to use VPC endpoints

Tags