Continuous HIPAA Assessment and Remediation with AWS Audit Manager

VividCloud offers a comprehensive HIPAA Compliance Monitoring software solution to organizations which are required to maintain HIPAA compliance inside AWS environments. Our solution leverages AWS Config Rules to monitor AWS account activities and to provide real-time evaluation of AWS resources, ensuring that they are deployed and configured in a HIPAA-compliant manner. The evidence collected during the evaluation is summarized in AWS Audit Manager, allowing for easy visibility and reporting.

By implementing VividCloud's HIPAA Compliance Monitoring Solution, customers can benefit from automated deployments, real-time monitoring, comprehensive evaluation, proactive remediation, and immediate remediation workflow. The solution is customized to meet specific needs (see a sample Case Study .)

Four available Solution Tiers are described below: Assessment, Enhanced Assessment and Standard Remediation, Custom Remediation, and Landing Zone Assessment and Remediation.

Assessment

Our Standard HIPAA Compliance Package is designed to help organizations initiate their journey towards HIPAA compliance on AWS. This package is deployed using Infrastructure as Code (IaC) and Continuous Integration/Continuous Deployment (CI/CD) methodologies, allowing customers to fully own and control their compliance setup.

Features:

• Assessment Creation: Leverages AWS Audit Manager to create a comprehensive compliance assessment.

• Scope: Includes evaluation of

  • AWS Config
  • AWS Identity and Access Management (IAM)
  • AWS Elastic Compute Cloud (EC2)
  • AWS CloudTrail
  • AWS SecurityHub

Benefits:

• Provides a foundational assessment to understand current compliance status.
• Enables organizations to take initial steps towards HIPAA compliance.

Enhanced Assessment and Standard Remediation

Building upon the Standard HIPAA Compliance Package, this level enhances the assessment capabilities and introduces standard remediation actions to address common compliance gaps.

Features:

• Enhanced Reporting: Generates detailed compliance reports available in PDF format.
• Standard Remediation Actions: Includes automated remediation for
  • EBS encryption
  • ELBv2 access logs
  • Enable GuardDuty
  • S3 logging
  • S3 encryption
  • S3 SSL enforcement
  • SNS encryption
  • VPC flow logs
  • IAM user policy requirements
• Notifications: Sends compliance status notifications via email.

Benefits:

• Enhances visibility with detailed reporting.
• Proactively addresses common compliance issues with automated remediation.
• Keeps stakeholders informed through email notifications.

Custom Remediation

The Custom Remediation package takes the Enhanced Assessment a step further by allowing for customization of remediation actions and broadening notification options.

Features:

• Custom Remediation: Offers up to 5 custom remediation actions tailored to specific organizational needs.
• Advanced Notifications: Provides compliance notifications via MS Teams, Slack, or similar platforms.

Benefits:

• Tailors remediation actions to meet unique organizational requirements.
• Integrates with popular communication tools for better team collaboration and awareness.

Landing Zone Assessment and Remediation

Our most comprehensive package, the Landing Zone Assessment and Remediation, includes all features of the previous levels and adds advanced capabilities for setting up a secure and compliant AWS environment.

Features:

• Audit Account Setup: Establishes a dedicated audit account to centralize compliance monitoring.
• Logging Account Setup: Creates a logging account to centralize and secure log data.
• Automated Evidence and Remediation Deployment: Automates the deployment of compliance evidence collection and remediation actions across the AWS environment.

Benefits:

• Provides a robust and scalable framework for ongoing HIPAA compliance.
• Centralizes compliance monitoring and log management for enhanced security.
• Automates and streamlines compliance processes to reduce manual efforts and errors.