prowler-cloud 5.17.1__py3-none-any.whl → 5.18.0__py3-none-any.whl
- dashboard/compliance/hipaa_azure.py +25 -0
- dashboard/pages/overview.py +20 -11
- prowler/AGENTS.md +1 -1
- prowler/CHANGELOG.md +43 -0
- prowler/__main__.py +5 -0
- prowler/compliance/azure/hipaa_azure.json +820 -0
- prowler/compliance/m365/cis_4.0_m365.json +6 -2
- prowler/compliance/m365/cis_6.0_m365.json +6 -2
- prowler/compliance/m365/iso27001_2022_m365.json +13 -11
- prowler/compliance/openstack/__init__.py +0 -0
- prowler/config/config.py +2 -1
- prowler/config/config.yaml +4 -1
- prowler/config/openstack_mutelist_example.yaml +60 -0
- prowler/lib/check/check.py +4 -0
- prowler/lib/check/models.py +27 -2
- prowler/lib/cli/parser.py +3 -2
- prowler/lib/outputs/finding.py +14 -0
- prowler/lib/outputs/html/html.py +72 -0
- prowler/lib/outputs/jira/jira.py +3 -3
- prowler/lib/outputs/outputs.py +2 -0
- prowler/lib/outputs/summary_table.py +7 -0
- prowler/lib/timeline/__init__.py +0 -0
- prowler/lib/timeline/models.py +27 -0
- prowler/lib/timeline/timeline.py +36 -0
- prowler/providers/aws/lib/cloudtrail_timeline/__init__.py +0 -0
- prowler/providers/aws/lib/cloudtrail_timeline/cloudtrail_timeline.py +218 -0
- prowler/providers/aws/services/codebuild/codebuild_project_webhook_filters_use_anchored_patterns/__init__.py +0 -0
- prowler/providers/aws/services/codebuild/codebuild_project_webhook_filters_use_anchored_patterns/codebuild_project_webhook_filters_use_anchored_patterns.metadata.json +40 -0
- prowler/providers/aws/services/codebuild/codebuild_project_webhook_filters_use_anchored_patterns/codebuild_project_webhook_filters_use_anchored_patterns.py +58 -0
- prowler/providers/aws/services/codebuild/codebuild_service.py +45 -0
- prowler/providers/aws/services/dynamodb/dynamodb_table_cross_account_access/dynamodb_table_cross_account_access.metadata.json +1 -1
- prowler/providers/aws/services/dynamodb/dynamodb_table_cross_account_access/dynamodb_table_cross_account_access.py +4 -0
- prowler/providers/aws/services/eventbridge/eventbridge_bus_cross_account_access/eventbridge_bus_cross_account_access.metadata.json +1 -1
- prowler/providers/aws/services/eventbridge/eventbridge_bus_cross_account_access/eventbridge_bus_cross_account_access.py +4 -0
- prowler/providers/aws/services/eventbridge/eventbridge_schema_registry_cross_account_access/eventbridge_schema_registry_cross_account_access.metadata.json +1 -1
- prowler/providers/aws/services/eventbridge/eventbridge_schema_registry_cross_account_access/eventbridge_schema_registry_cross_account_access.py +2 -0
- prowler/providers/aws/services/iam/lib/policy.py +19 -3
- prowler/providers/aws/services/rds/rds_instance_extended_support/__init__.py +0 -0
- prowler/providers/aws/services/rds/rds_instance_extended_support/rds_instance_extended_support.metadata.json +41 -0
- prowler/providers/aws/services/rds/rds_instance_extended_support/rds_instance_extended_support.py +37 -0
- prowler/providers/aws/services/rds/rds_service.py +4 -0
- prowler/providers/aws/services/s3/s3_bucket_cross_account_access/s3_bucket_cross_account_access.metadata.json +1 -1
- prowler/providers/aws/services/s3/s3_bucket_cross_account_access/s3_bucket_cross_account_access.py +5 -1
- prowler/providers/azure/lib/service/service.py +23 -0
- prowler/providers/azure/services/app/app_client_certificates_on/app_client_certificates_on.metadata.json +18 -12
- prowler/providers/azure/services/app/app_ensure_auth_is_set_up/app_ensure_auth_is_set_up.metadata.json +18 -11
- prowler/providers/azure/services/app/app_ensure_http_is_redirected_to_https/app_ensure_http_is_redirected_to_https.metadata.json +19 -12
- prowler/providers/azure/services/app/app_ensure_java_version_is_latest/app_ensure_java_version_is_latest.metadata.json +19 -12
- prowler/providers/azure/services/app/app_ensure_php_version_is_latest/app_ensure_php_version_is_latest.metadata.json +19 -12
- prowler/providers/azure/services/app/app_ensure_python_version_is_latest/app_ensure_python_version_is_latest.metadata.json +19 -12
- prowler/providers/azure/services/app/app_ensure_using_http20/app_ensure_using_http20.metadata.json +18 -11
- prowler/providers/azure/services/app/app_ftp_deployment_disabled/app_ftp_deployment_disabled.metadata.json +21 -13
- prowler/providers/azure/services/app/app_function_access_keys_configured/app_function_access_keys_configured.metadata.json +19 -11
- prowler/providers/azure/services/app/app_function_application_insights_enabled/app_function_application_insights_enabled.metadata.json +21 -14
- prowler/providers/azure/services/app/app_function_ftps_deployment_disabled/app_function_ftps_deployment_disabled.metadata.json +18 -13
- prowler/providers/azure/services/app/app_function_identity_is_configured/app_function_identity_is_configured.metadata.json +20 -13
- prowler/providers/azure/services/app/app_function_identity_without_admin_privileges/app_function_identity_without_admin_privileges.metadata.json +18 -11
- prowler/providers/azure/services/app/app_function_latest_runtime_version/app_function_latest_runtime_version.metadata.json +20 -13
- prowler/providers/azure/services/app/app_function_not_publicly_accessible/app_function_not_publicly_accessible.metadata.json +20 -13
- prowler/providers/azure/services/app/app_function_vnet_integration_enabled/app_function_vnet_integration_enabled.metadata.json +21 -14
- prowler/providers/azure/services/app/app_http_logs_enabled/app_http_logs_enabled.metadata.json +18 -12
- prowler/providers/azure/services/app/app_minimum_tls_version_12/app_minimum_tls_version_12.metadata.json +20 -12
- prowler/providers/azure/services/app/app_register_with_identity/app_register_with_identity.metadata.json +18 -11
- prowler/providers/azure/services/appinsights/appinsights_ensure_is_configured/appinsights_ensure_is_configured.metadata.json +18 -12
- prowler/providers/azure/services/containerregistry/containerregistry_admin_user_disabled/containerregistry_admin_user_disabled.metadata.json +17 -11
- prowler/providers/azure/services/containerregistry/containerregistry_not_publicly_accessible/containerregistry_not_publicly_accessible.metadata.json +18 -12
- prowler/providers/azure/services/containerregistry/containerregistry_uses_private_link/containerregistry_uses_private_link.metadata.json +21 -13
- prowler/providers/azure/services/cosmosdb/cosmosdb_account_firewall_use_selected_networks/cosmosdb_account_firewall_use_selected_networks.metadata.json +20 -12
- prowler/providers/azure/services/cosmosdb/cosmosdb_account_use_aad_and_rbac/cosmosdb_account_use_aad_and_rbac.metadata.json +19 -13
- prowler/providers/azure/services/cosmosdb/cosmosdb_account_use_private_endpoints/cosmosdb_account_use_private_endpoints.metadata.json +20 -13
- prowler/providers/azure/services/databricks/databricks_workspace_cmk_encryption_enabled/databricks_workspace_cmk_encryption_enabled.metadata.json +20 -14
- prowler/providers/azure/services/databricks/databricks_workspace_vnet_injection_enabled/databricks_workspace_vnet_injection_enabled.metadata.json +20 -14
- prowler/providers/azure/services/defender/defender_additional_email_configured_with_a_security_contact/defender_additional_email_configured_with_a_security_contact.metadata.json +20 -13
- prowler/providers/azure/services/defender/defender_assessments_vm_endpoint_protection_installed/defender_assessments_vm_endpoint_protection_installed.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_attack_path_notifications_properly_configured/defender_attack_path_notifications_properly_configured.metadata.json +19 -13
- prowler/providers/azure/services/defender/defender_auto_provisioning_log_analytics_agent_vms_on/defender_auto_provisioning_log_analytics_agent_vms_on.metadata.json +20 -13
- prowler/providers/azure/services/defender/defender_auto_provisioning_vulnerabilty_assessments_machines_on/defender_auto_provisioning_vulnerabilty_assessments_machines_on.metadata.json +19 -12
- prowler/providers/azure/services/defender/defender_container_images_resolved_vulnerabilities/defender_container_images_resolved_vulnerabilities.metadata.json +20 -12
- prowler/providers/azure/services/defender/defender_container_images_scan_enabled/defender_container_images_scan_enabled.metadata.json +22 -13
- prowler/providers/azure/services/defender/defender_ensure_defender_for_app_services_is_on/defender_ensure_defender_for_app_services_is_on.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_ensure_defender_for_arm_is_on/defender_ensure_defender_for_arm_is_on.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_ensure_defender_for_azure_sql_databases_is_on/defender_ensure_defender_for_azure_sql_databases_is_on.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_ensure_defender_for_containers_is_on/defender_ensure_defender_for_containers_is_on.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_ensure_defender_for_cosmosdb_is_on/defender_ensure_defender_for_cosmosdb_is_on.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_ensure_defender_for_databases_is_on/defender_ensure_defender_for_databases_is_on.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_ensure_defender_for_dns_is_on/defender_ensure_defender_for_dns_is_on.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_ensure_defender_for_keyvault_is_on/defender_ensure_defender_for_keyvault_is_on.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_ensure_defender_for_os_relational_databases_is_on/defender_ensure_defender_for_os_relational_databases_is_on.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_ensure_defender_for_server_is_on/defender_ensure_defender_for_server_is_on.metadata.json +19 -11
- prowler/providers/azure/services/defender/defender_ensure_defender_for_sql_servers_is_on/defender_ensure_defender_for_sql_servers_is_on.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_ensure_defender_for_storage_is_on/defender_ensure_defender_for_storage_is_on.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_ensure_iot_hub_defender_is_on/defender_ensure_iot_hub_defender_is_on.metadata.json +17 -11
- prowler/providers/azure/services/defender/defender_ensure_mcas_is_enabled/defender_ensure_mcas_is_enabled.metadata.json +20 -12
- prowler/providers/azure/services/defender/defender_ensure_notify_alerts_severity_is_high/defender_ensure_notify_alerts_severity_is_high.metadata.json +19 -12
- prowler/providers/azure/services/defender/defender_ensure_notify_emails_to_owners/defender_ensure_notify_emails_to_owners.metadata.json +19 -12
- prowler/providers/azure/services/defender/defender_ensure_system_updates_are_applied/defender_ensure_system_updates_are_applied.metadata.json +17 -9
- prowler/providers/azure/services/defender/defender_ensure_wdatp_is_enabled/defender_ensure_wdatp_is_enabled.metadata.json +21 -13
- prowler/providers/azure/services/entra/entra_service.py +3 -11
- prowler/providers/azure/services/entra/entra_user_with_vm_access_has_mfa/entra_user_with_vm_access_has_mfa.py +6 -0
- prowler/providers/azure/services/iam/iam_custom_role_has_permissions_to_administer_resource_locks/iam_custom_role_has_permissions_to_administer_resource_locks.metadata.json +19 -13
- prowler/providers/azure/services/iam/iam_role_user_access_admin_restricted/iam_role_user_access_admin_restricted.metadata.json +16 -10
- prowler/providers/azure/services/iam/iam_subscription_roles_owner_custom_not_created/iam_subscription_roles_owner_custom_not_created.metadata.json +18 -12
- prowler/providers/azure/services/keyvault/keyvault_rbac_secret_expiration_set/keyvault_rbac_secret_expiration_set.py +10 -11
- prowler/providers/azure/services/keyvault/keyvault_service.py +164 -81
- prowler/providers/azure/services/mysql/mysql_flexible_server_audit_log_connection_activated/mysql_flexible_server_audit_log_connection_activated.metadata.json +18 -12
- prowler/providers/azure/services/mysql/mysql_flexible_server_audit_log_enabled/mysql_flexible_server_audit_log_enabled.metadata.json +19 -12
- prowler/providers/azure/services/mysql/mysql_flexible_server_minimum_tls_version_12/mysql_flexible_server_minimum_tls_version_12.metadata.json +18 -12
- prowler/providers/azure/services/mysql/mysql_flexible_server_ssl_connection_enabled/mysql_flexible_server_ssl_connection_enabled.metadata.json +19 -12
- prowler/providers/azure/services/network/network_bastion_host_exists/network_bastion_host_exists.metadata.json +21 -12
- prowler/providers/azure/services/network/network_flow_log_captured_sent/network_flow_log_captured_sent.metadata.json +19 -12
- prowler/providers/azure/services/network/network_flow_log_more_than_90_days/network_flow_log_more_than_90_days.metadata.json +21 -12
- prowler/providers/azure/services/network/network_http_internet_access_restricted/network_http_internet_access_restricted.metadata.json +18 -12
- prowler/providers/azure/services/network/network_public_ip_shodan/network_public_ip_shodan.metadata.json +15 -10
- prowler/providers/azure/services/network/network_rdp_internet_access_restricted/network_rdp_internet_access_restricted.metadata.json +20 -12
- prowler/providers/azure/services/network/network_ssh_internet_access_restricted/network_ssh_internet_access_restricted.metadata.json +19 -12
- prowler/providers/azure/services/network/network_udp_internet_access_restricted/network_udp_internet_access_restricted.metadata.json +19 -12
- prowler/providers/azure/services/network/network_watcher_enabled/network_watcher_enabled.metadata.json +21 -13
- prowler/providers/azure/services/policy/policy_ensure_asc_enforcement_enabled/policy_ensure_asc_enforcement_enabled.metadata.json +16 -11
- prowler/providers/azure/services/postgresql/postgresql_flexible_server_allow_access_services_disabled/postgresql_flexible_server_allow_access_services_disabled.metadata.json +20 -13
- prowler/providers/azure/services/postgresql/postgresql_flexible_server_connection_throttling_on/postgresql_flexible_server_connection_throttling_on.metadata.json +18 -12
- prowler/providers/azure/services/postgresql/postgresql_flexible_server_enforce_ssl_enabled/postgresql_flexible_server_enforce_ssl_enabled.metadata.json +19 -13
- prowler/providers/azure/services/postgresql/postgresql_flexible_server_entra_id_authentication_enabled/postgresql_flexible_server_entra_id_authentication_enabled.metadata.json +4 -4
- prowler/providers/azure/services/postgresql/postgresql_flexible_server_log_checkpoints_on/postgresql_flexible_server_log_checkpoints_on.metadata.json +19 -13
- prowler/providers/azure/services/postgresql/postgresql_flexible_server_log_connections_on/postgresql_flexible_server_log_connections_on.metadata.json +18 -11
- prowler/providers/azure/services/postgresql/postgresql_flexible_server_log_disconnections_on/postgresql_flexible_server_log_disconnections_on.metadata.json +18 -12
- prowler/providers/azure/services/postgresql/postgresql_flexible_server_log_retention_days_greater_3/postgresql_flexible_server_log_retention_days_greater_3.metadata.json +18 -12
- prowler/providers/azure/services/sqlserver/sqlserver_auditing_enabled/sqlserver_auditing_enabled.metadata.json +20 -13
- prowler/providers/azure/services/sqlserver/sqlserver_auditing_retention_90_days/sqlserver_auditing_retention_90_days.metadata.json +20 -12
- prowler/providers/azure/services/sqlserver/sqlserver_azuread_administrator_enabled/sqlserver_azuread_administrator_enabled.metadata.json +18 -12
- prowler/providers/azure/services/sqlserver/sqlserver_microsoft_defender_enabled/sqlserver_microsoft_defender_enabled.metadata.json +23 -13
- prowler/providers/azure/services/sqlserver/sqlserver_recommended_minimal_tls_version/sqlserver_recommended_minimal_tls_version.metadata.json +19 -12
- prowler/providers/azure/services/sqlserver/sqlserver_tde_encrypted_with_cmk/sqlserver_tde_encrypted_with_cmk.metadata.json +20 -13
- prowler/providers/azure/services/sqlserver/sqlserver_tde_encryption_enabled/sqlserver_tde_encryption_enabled.metadata.json +20 -13
- prowler/providers/azure/services/sqlserver/sqlserver_unrestricted_inbound_access/sqlserver_unrestricted_inbound_access.metadata.json +18 -12
- prowler/providers/azure/services/sqlserver/sqlserver_va_emails_notifications_admins_enabled/sqlserver_va_emails_notifications_admins_enabled.metadata.json +19 -12
- prowler/providers/azure/services/sqlserver/sqlserver_va_periodic_recurring_scans_enabled/sqlserver_va_periodic_recurring_scans_enabled.metadata.json +19 -12
- prowler/providers/azure/services/sqlserver/sqlserver_va_scan_reports_configured/sqlserver_va_scan_reports_configured.metadata.json +18 -12
- prowler/providers/azure/services/sqlserver/sqlserver_vulnerability_assessment_enabled/sqlserver_vulnerability_assessment_enabled.metadata.json +19 -12
- prowler/providers/azure/services/storage/storage_account_key_access_disabled/storage_account_key_access_disabled.metadata.json +17 -12
- prowler/providers/azure/services/storage/storage_blob_public_access_level_is_disabled/storage_blob_public_access_level_is_disabled.metadata.json +18 -12
- prowler/providers/azure/services/storage/storage_blob_versioning_is_enabled/storage_blob_versioning_is_enabled.metadata.json +19 -11
- prowler/providers/azure/services/storage/storage_cross_tenant_replication_disabled/storage_cross_tenant_replication_disabled.metadata.json +19 -13
- prowler/providers/azure/services/storage/storage_default_network_access_rule_is_denied/storage_default_network_access_rule_is_denied.metadata.json +19 -12
- prowler/providers/azure/services/storage/storage_default_to_entra_authorization_enabled/storage_default_to_entra_authorization_enabled.metadata.json +20 -13
- prowler/providers/azure/services/storage/storage_ensure_azure_services_are_trusted_to_access_is_enabled/storage_ensure_azure_services_are_trusted_to_access_is_enabled.metadata.json +17 -10
- prowler/providers/azure/services/storage/storage_ensure_encryption_with_customer_managed_keys/storage_ensure_encryption_with_customer_managed_keys.metadata.json +15 -10
- prowler/providers/azure/services/storage/storage_ensure_file_shares_soft_delete_is_enabled/storage_ensure_file_shares_soft_delete_is_enabled.metadata.json +18 -12
- prowler/providers/azure/services/storage/storage_ensure_minimum_tls_version_12/storage_ensure_minimum_tls_version_12.metadata.json +14 -10
- prowler/providers/azure/services/storage/storage_ensure_private_endpoints_in_storage_accounts/storage_ensure_private_endpoints_in_storage_accounts.metadata.json +19 -11
- prowler/providers/azure/services/storage/storage_ensure_soft_delete_is_enabled/storage_ensure_soft_delete_is_enabled.metadata.json +17 -12
- prowler/providers/azure/services/storage/storage_geo_redundant_enabled/storage_geo_redundant_enabled.metadata.json +19 -12
- prowler/providers/azure/services/storage/storage_infrastructure_encryption_is_enabled/storage_infrastructure_encryption_is_enabled.metadata.json +13 -9
- prowler/providers/azure/services/storage/storage_key_rotation_90_days/storage_key_rotation_90_days.metadata.json +17 -12
- prowler/providers/azure/services/storage/storage_secure_transfer_required_is_enabled/storage_secure_transfer_required_is_enabled.metadata.json +15 -11
- prowler/providers/azure/services/storage/storage_smb_channel_encryption_with_secure_algorithm/storage_smb_channel_encryption_with_secure_algorithm.metadata.json +19 -12
- prowler/providers/azure/services/storage/storage_smb_protocol_version_is_latest/storage_smb_protocol_version_is_latest.metadata.json +19 -13
- prowler/providers/cloudflare/cloudflare_provider.py +95 -12
- prowler/providers/cloudflare/lib/arguments/arguments.py +7 -0
- prowler/providers/cloudflare/services/dns/dns_record_cname_target_valid/__init__.py +0 -0
- prowler/providers/cloudflare/services/dns/dns_record_cname_target_valid/dns_record_cname_target_valid.metadata.json +36 -0
- prowler/providers/cloudflare/services/dns/dns_record_cname_target_valid/dns_record_cname_target_valid.py +109 -0
- prowler/providers/cloudflare/services/dns/dns_record_no_internal_ip/__init__.py +0 -0
- prowler/providers/cloudflare/services/dns/dns_record_no_internal_ip/dns_record_no_internal_ip.metadata.json +36 -0
- prowler/providers/cloudflare/services/dns/dns_record_no_internal_ip/dns_record_no_internal_ip.py +73 -0
- prowler/providers/cloudflare/services/dns/dns_record_no_wildcard/__init__.py +0 -0
- prowler/providers/cloudflare/services/dns/dns_record_no_wildcard/dns_record_no_wildcard.metadata.json +36 -0
- prowler/providers/cloudflare/services/dns/dns_record_no_wildcard/dns_record_no_wildcard.py +60 -0
- prowler/providers/cloudflare/services/dns/dns_record_proxied/__init__.py +0 -0
- prowler/providers/cloudflare/services/dns/dns_record_proxied/dns_record_proxied.metadata.json +36 -0
- prowler/providers/cloudflare/services/dns/dns_record_proxied/dns_record_proxied.py +49 -0
- prowler/providers/cloudflare/services/dns/dns_service.py +52 -6
- prowler/providers/cloudflare/services/firewall/__init__.py +0 -0
- prowler/providers/cloudflare/services/firewall/firewall_client.py +4 -0
- prowler/providers/cloudflare/services/firewall/firewall_service.py +123 -0
- prowler/providers/cloudflare/services/zone/zone_firewall_blocking_rules_configured/__init__.py +0 -0
- prowler/providers/cloudflare/services/zone/zone_firewall_blocking_rules_configured/zone_firewall_blocking_rules_configured.metadata.json +36 -0
- prowler/providers/cloudflare/services/zone/zone_firewall_blocking_rules_configured/zone_firewall_blocking_rules_configured.py +53 -0
- prowler/providers/cloudflare/services/zone/zone_service.py +133 -1
- prowler/providers/cloudflare/services/zone/zone_waf_owasp_ruleset_enabled/__init__.py +0 -0
- prowler/providers/cloudflare/services/zone/zone_waf_owasp_ruleset_enabled/zone_waf_owasp_ruleset_enabled.metadata.json +36 -0
- prowler/providers/cloudflare/services/zone/zone_waf_owasp_ruleset_enabled/zone_waf_owasp_ruleset_enabled.py +58 -0
- prowler/providers/common/provider.py +23 -0
- prowler/providers/gcp/services/compute/compute_instance_suspended_without_persistent_disks/__init__.py +0 -0
- prowler/providers/gcp/services/compute/compute_instance_suspended_without_persistent_disks/compute_instance_suspended_without_persistent_disks.metadata.json +37 -0
- prowler/providers/gcp/services/compute/compute_instance_suspended_without_persistent_disks/compute_instance_suspended_without_persistent_disks.py +35 -0
- prowler/providers/gcp/services/compute/compute_service.py +2 -0
- prowler/providers/m365/lib/powershell/m365_powershell.py +47 -1
- prowler/providers/m365/services/defender/defender_service.py +52 -0
- prowler/providers/m365/services/defender/defender_zap_for_teams_enabled/__init__.py +0 -0
- prowler/providers/m365/services/defender/defender_zap_for_teams_enabled/defender_zap_for_teams_enabled.metadata.json +38 -0
- prowler/providers/m365/services/defender/defender_zap_for_teams_enabled/defender_zap_for_teams_enabled.py +53 -0
- prowler/providers/m365/services/exchange/exchange_service.py +78 -0
- prowler/providers/m365/services/exchange/exchange_shared_mailbox_sign_in_disabled/__init__.py +0 -0
- prowler/providers/m365/services/exchange/exchange_shared_mailbox_sign_in_disabled/exchange_shared_mailbox_sign_in_disabled.metadata.json +37 -0
- prowler/providers/m365/services/exchange/exchange_shared_mailbox_sign_in_disabled/exchange_shared_mailbox_sign_in_disabled.py +59 -0
- prowler/providers/openstack/__init__.py +0 -0
- prowler/providers/openstack/exceptions/__init__.py +0 -0
- prowler/providers/openstack/exceptions/exceptions.py +166 -0
- prowler/providers/openstack/lib/__init__.py +0 -0
- prowler/providers/openstack/lib/arguments/__init__.py +0 -0
- prowler/providers/openstack/lib/arguments/arguments.py +113 -0
- prowler/providers/openstack/lib/mutelist/__init__.py +0 -0
- prowler/providers/openstack/lib/mutelist/mutelist.py +31 -0
- prowler/providers/openstack/lib/service/__init__.py +0 -0
- prowler/providers/openstack/lib/service/service.py +21 -0
- prowler/providers/openstack/models.py +100 -0
- prowler/providers/openstack/openstack_provider.py +515 -0
- prowler/providers/openstack/services/__init__.py +0 -0
- prowler/providers/openstack/services/compute/__init__.py +0 -0
- prowler/providers/openstack/services/compute/compute_client.py +4 -0
- prowler/providers/openstack/services/compute/compute_instance_security_groups_attached/__init__.py +0 -0
- prowler/providers/openstack/services/compute/compute_instance_security_groups_attached/compute_instance_security_groups_attached.metadata.json +40 -0
- prowler/providers/openstack/services/compute/compute_instance_security_groups_attached/compute_instance_security_groups_attached.py +35 -0
- prowler/providers/openstack/services/compute/compute_service.py +63 -0
- {prowler_cloud-5.17.1.dist-info → prowler_cloud-5.18.0.dist-info}/METADATA +11 -9
- {prowler_cloud-5.17.1.dist-info → prowler_cloud-5.18.0.dist-info}/RECORD +219 -155
- {prowler_cloud-5.17.1.dist-info → prowler_cloud-5.18.0.dist-info}/LICENSE +0 -0
- {prowler_cloud-5.17.1.dist-info → prowler_cloud-5.18.0.dist-info}/WHEEL +0 -0
- {prowler_cloud-5.17.1.dist-info → prowler_cloud-5.18.0.dist-info}/entry_points.txt +0 -0
|
@@ -0,0 +1,820 @@
|
|
|
1
|
+
{
|
|
2
|
+
"Framework": "HIPAA",
|
|
3
|
+
"Name": "HIPAA compliance framework for Azure",
|
|
4
|
+
"Version": "",
|
|
5
|
+
"Provider": "Azure",
|
|
6
|
+
"Description": "The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is legislation that helps US workers to retain health insurance coverage when they change or lose jobs. The legislation also seeks to encourage electronic health records to improve the efficiency and quality of the US healthcare system through improved information sharing. This framework maps HIPAA requirements to Microsoft Azure security best practices.",
|
|
7
|
+
"Requirements": [
|
|
8
|
+
{
|
|
9
|
+
"Id": "164_308_a_1_ii_a",
|
|
10
|
+
"Name": "164.308(a)(1)(ii)(A) Risk analysis",
|
|
11
|
+
"Description": "Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity or business associate.",
|
|
12
|
+
"Attributes": [
|
|
13
|
+
{
|
|
14
|
+
"ItemId": "164_308_a_1_ii_a",
|
|
15
|
+
"Section": "164.308 Administrative Safeguards",
|
|
16
|
+
"Service": "azure"
|
|
17
|
+
}
|
|
18
|
+
],
|
|
19
|
+
"Checks": [
|
|
20
|
+
"defender_ensure_defender_for_server_is_on",
|
|
21
|
+
"defender_ensure_defender_for_app_services_is_on",
|
|
22
|
+
"defender_ensure_defender_for_sql_servers_is_on",
|
|
23
|
+
"defender_ensure_defender_for_storage_is_on",
|
|
24
|
+
"defender_ensure_defender_for_keyvault_is_on",
|
|
25
|
+
"defender_ensure_defender_for_arm_is_on",
|
|
26
|
+
"defender_ensure_defender_for_dns_is_on",
|
|
27
|
+
"defender_ensure_defender_for_containers_is_on",
|
|
28
|
+
"defender_ensure_defender_for_cosmosdb_is_on",
|
|
29
|
+
"defender_ensure_mcas_is_enabled",
|
|
30
|
+
"policy_ensure_asc_enforcement_enabled"
|
|
31
|
+
]
|
|
32
|
+
},
|
|
33
|
+
{
|
|
34
|
+
"Id": "164_308_a_1_ii_b",
|
|
35
|
+
"Name": "164.308(a)(1)(ii)(B) Risk Management",
|
|
36
|
+
"Description": "Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with 164.306(a): Ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity or business associate creates, receives, maintains, or transmits.",
|
|
37
|
+
"Attributes": [
|
|
38
|
+
{
|
|
39
|
+
"ItemId": "164_308_a_1_ii_b",
|
|
40
|
+
"Section": "164.308 Administrative Safeguards",
|
|
41
|
+
"Service": "azure"
|
|
42
|
+
}
|
|
43
|
+
],
|
|
44
|
+
"Checks": [
|
|
45
|
+
"storage_ensure_encryption_with_customer_managed_keys",
|
|
46
|
+
"storage_infrastructure_encryption_is_enabled",
|
|
47
|
+
"storage_blob_public_access_level_is_disabled",
|
|
48
|
+
"storage_default_network_access_rule_is_denied",
|
|
49
|
+
"storage_ensure_private_endpoints_in_storage_accounts",
|
|
50
|
+
"sqlserver_tde_encryption_enabled",
|
|
51
|
+
"sqlserver_tde_encrypted_with_cmk",
|
|
52
|
+
"sqlserver_unrestricted_inbound_access",
|
|
53
|
+
"keyvault_key_rotation_enabled",
|
|
54
|
+
"keyvault_rbac_enabled",
|
|
55
|
+
"keyvault_private_endpoints",
|
|
56
|
+
"vm_ensure_attached_disks_encrypted_with_cmk",
|
|
57
|
+
"vm_ensure_unattached_disks_encrypted_with_cmk",
|
|
58
|
+
"network_ssh_internet_access_restricted",
|
|
59
|
+
"network_rdp_internet_access_restricted",
|
|
60
|
+
"network_http_internet_access_restricted",
|
|
61
|
+
"network_udp_internet_access_restricted",
|
|
62
|
+
"iam_subscription_roles_owner_custom_not_created",
|
|
63
|
+
"iam_custom_role_has_permissions_to_administer_resource_locks",
|
|
64
|
+
"cosmosdb_account_firewall_use_selected_networks",
|
|
65
|
+
"cosmosdb_account_use_private_endpoints",
|
|
66
|
+
"aks_clusters_public_access_disabled",
|
|
67
|
+
"aks_clusters_created_with_private_nodes"
|
|
68
|
+
]
|
|
69
|
+
},
|
|
70
|
+
{
|
|
71
|
+
"Id": "164_308_a_1_ii_d",
|
|
72
|
+
"Name": "164.308(a)(1)(ii)(D) Information system activity review",
|
|
73
|
+
"Description": "Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.",
|
|
74
|
+
"Attributes": [
|
|
75
|
+
{
|
|
76
|
+
"ItemId": "164_308_a_1_ii_d",
|
|
77
|
+
"Section": "164.308 Administrative Safeguards",
|
|
78
|
+
"Service": "azure"
|
|
79
|
+
}
|
|
80
|
+
],
|
|
81
|
+
"Checks": [
|
|
82
|
+
"monitor_diagnostic_setting_with_appropriate_categories",
|
|
83
|
+
"monitor_diagnostic_settings_exists",
|
|
84
|
+
"monitor_alert_create_policy_assignment",
|
|
85
|
+
"monitor_alert_delete_policy_assignment",
|
|
86
|
+
"monitor_alert_create_update_nsg",
|
|
87
|
+
"monitor_alert_delete_nsg",
|
|
88
|
+
"monitor_alert_create_update_security_solution",
|
|
89
|
+
"monitor_alert_delete_security_solution",
|
|
90
|
+
"sqlserver_auditing_enabled",
|
|
91
|
+
"sqlserver_auditing_retention_90_days",
|
|
92
|
+
"keyvault_logging_enabled",
|
|
93
|
+
"network_watcher_enabled",
|
|
94
|
+
"network_flow_log_captured_sent",
|
|
95
|
+
"network_flow_log_more_than_90_days",
|
|
96
|
+
"app_http_logs_enabled",
|
|
97
|
+
"appinsights_ensure_is_configured"
|
|
98
|
+
]
|
|
99
|
+
},
|
|
100
|
+
{
|
|
101
|
+
"Id": "164_308_a_3_i",
|
|
102
|
+
"Name": "164.308(a)(3)(i) Workforce security",
|
|
103
|
+
"Description": "Implement policies and procedures to ensure that all members of its workforce have appropriate access to electronic protected health information, as provided under paragraph (a)(4) of this section, and to prevent those workforce members who do not have access under paragraph (a)(4) of this section from obtaining access to electronic protected health information.",
|
|
104
|
+
"Attributes": [
|
|
105
|
+
{
|
|
106
|
+
"ItemId": "164_308_a_3_i",
|
|
107
|
+
"Section": "164.308 Administrative Safeguards",
|
|
108
|
+
"Service": "azure"
|
|
109
|
+
}
|
|
110
|
+
],
|
|
111
|
+
"Checks": [
|
|
112
|
+
"storage_blob_public_access_level_is_disabled",
|
|
113
|
+
"storage_default_network_access_rule_is_denied",
|
|
114
|
+
"sqlserver_unrestricted_inbound_access",
|
|
115
|
+
"network_ssh_internet_access_restricted",
|
|
116
|
+
"network_rdp_internet_access_restricted",
|
|
117
|
+
"network_http_internet_access_restricted",
|
|
118
|
+
"iam_subscription_roles_owner_custom_not_created",
|
|
119
|
+
"iam_role_user_access_admin_restricted",
|
|
120
|
+
"containerregistry_not_publicly_accessible",
|
|
121
|
+
"app_function_not_publicly_accessible",
|
|
122
|
+
"aisearch_service_not_publicly_accessible",
|
|
123
|
+
"cosmosdb_account_firewall_use_selected_networks"
|
|
124
|
+
]
|
|
125
|
+
},
|
|
126
|
+
{
|
|
127
|
+
"Id": "164_308_a_3_ii_a",
|
|
128
|
+
"Name": "164.308(a)(3)(ii)(A) Authorization and/or supervision",
|
|
129
|
+
"Description": "Implement procedures for the authorization and/or supervision of workforce members who work with electronic protected health information or in locations where it might be accessed.",
|
|
130
|
+
"Attributes": [
|
|
131
|
+
{
|
|
132
|
+
"ItemId": "164_308_a_3_ii_a",
|
|
133
|
+
"Section": "164.308 Administrative Safeguards",
|
|
134
|
+
"Service": "azure"
|
|
135
|
+
}
|
|
136
|
+
],
|
|
137
|
+
"Checks": [
|
|
138
|
+
"monitor_diagnostic_setting_with_appropriate_categories",
|
|
139
|
+
"monitor_diagnostic_settings_exists",
|
|
140
|
+
"sqlserver_auditing_enabled",
|
|
141
|
+
"keyvault_logging_enabled",
|
|
142
|
+
"entra_privileged_user_has_mfa",
|
|
143
|
+
"entra_non_privileged_user_has_mfa",
|
|
144
|
+
"entra_security_defaults_enabled",
|
|
145
|
+
"entra_conditional_access_policy_require_mfa_for_management_api",
|
|
146
|
+
"entra_user_with_vm_access_has_mfa",
|
|
147
|
+
"network_flow_log_captured_sent",
|
|
148
|
+
"app_http_logs_enabled"
|
|
149
|
+
]
|
|
150
|
+
},
|
|
151
|
+
{
|
|
152
|
+
"Id": "164_308_a_3_ii_b",
|
|
153
|
+
"Name": "164.308(a)(3)(ii)(B) Workforce clearance procedure",
|
|
154
|
+
"Description": "Implement procedures to determine that the access of a workforce member to electronic protected health information is appropriate.",
|
|
155
|
+
"Attributes": [
|
|
156
|
+
{
|
|
157
|
+
"ItemId": "164_308_a_3_ii_b",
|
|
158
|
+
"Section": "164.308 Administrative Safeguards",
|
|
159
|
+
"Service": "entra"
|
|
160
|
+
}
|
|
161
|
+
],
|
|
162
|
+
"Checks": [
|
|
163
|
+
"iam_subscription_roles_owner_custom_not_created",
|
|
164
|
+
"iam_role_user_access_admin_restricted",
|
|
165
|
+
"iam_custom_role_has_permissions_to_administer_resource_locks",
|
|
166
|
+
"entra_global_admin_in_less_than_five_users",
|
|
167
|
+
"entra_policy_default_users_cannot_create_security_groups",
|
|
168
|
+
"entra_policy_ensure_default_user_cannot_create_apps",
|
|
169
|
+
"entra_policy_guest_invite_only_for_admin_roles",
|
|
170
|
+
"entra_policy_guest_users_access_restrictions"
|
|
171
|
+
]
|
|
172
|
+
},
|
|
173
|
+
{
|
|
174
|
+
"Id": "164_308_a_3_ii_c",
|
|
175
|
+
"Name": "164.308(a)(3)(ii)(C) Termination procedures",
|
|
176
|
+
"Description": "Implement procedures for terminating access to electronic protected health information when the employment of, or other arrangement with, a workforce member ends or as required by determinations made as specified in paragraph (a)(3)(ii)(b).",
|
|
177
|
+
"Attributes": [
|
|
178
|
+
{
|
|
179
|
+
"ItemId": "164_308_a_3_ii_c",
|
|
180
|
+
"Section": "164.308 Administrative Safeguards",
|
|
181
|
+
"Service": "azure"
|
|
182
|
+
}
|
|
183
|
+
],
|
|
184
|
+
"Checks": [
|
|
185
|
+
"storage_key_rotation_90_days",
|
|
186
|
+
"keyvault_key_rotation_enabled",
|
|
187
|
+
"keyvault_rbac_key_expiration_set",
|
|
188
|
+
"keyvault_rbac_secret_expiration_set",
|
|
189
|
+
"keyvault_key_expiration_set_in_non_rbac",
|
|
190
|
+
"keyvault_non_rbac_secret_expiration_set"
|
|
191
|
+
]
|
|
192
|
+
},
|
|
193
|
+
{
|
|
194
|
+
"Id": "164_308_a_4_i",
|
|
195
|
+
"Name": "164.308(a)(4)(i) Information access management",
|
|
196
|
+
"Description": "Implement policies and procedures for authorizing access to electronic protected health information that are consistent with the applicable requirements of subpart E of this part.",
|
|
197
|
+
"Attributes": [
|
|
198
|
+
{
|
|
199
|
+
"ItemId": "164_308_a_4_i",
|
|
200
|
+
"Section": "164.308 Administrative Safeguards",
|
|
201
|
+
"Service": "azure"
|
|
202
|
+
}
|
|
203
|
+
],
|
|
204
|
+
"Checks": [
|
|
205
|
+
"iam_subscription_roles_owner_custom_not_created",
|
|
206
|
+
"iam_role_user_access_admin_restricted",
|
|
207
|
+
"iam_custom_role_has_permissions_to_administer_resource_locks",
|
|
208
|
+
"keyvault_rbac_enabled",
|
|
209
|
+
"entra_global_admin_in_less_than_five_users",
|
|
210
|
+
"entra_policy_restricts_user_consent_for_apps",
|
|
211
|
+
"entra_policy_user_consent_for_verified_apps"
|
|
212
|
+
]
|
|
213
|
+
},
|
|
214
|
+
{
|
|
215
|
+
"Id": "164_308_a_4_ii_a",
|
|
216
|
+
"Name": "164.308(a)(4)(ii)(A) Isolating health care clearinghouse functions",
|
|
217
|
+
"Description": "If a health care clearinghouse is part of a larger organization, the clearinghouse must implement policies and procedures that protect the electronic protected health information of the clearinghouse from unauthorized access by the larger organization.",
|
|
218
|
+
"Attributes": [
|
|
219
|
+
{
|
|
220
|
+
"ItemId": "164_308_a_4_ii_a",
|
|
221
|
+
"Section": "164.308 Administrative Safeguards",
|
|
222
|
+
"Service": "azure"
|
|
223
|
+
}
|
|
224
|
+
],
|
|
225
|
+
"Checks": [
|
|
226
|
+
"storage_ensure_encryption_with_customer_managed_keys",
|
|
227
|
+
"storage_infrastructure_encryption_is_enabled",
|
|
228
|
+
"storage_ensure_private_endpoints_in_storage_accounts",
|
|
229
|
+
"storage_default_network_access_rule_is_denied",
|
|
230
|
+
"sqlserver_tde_encryption_enabled",
|
|
231
|
+
"sqlserver_tde_encrypted_with_cmk",
|
|
232
|
+
"sqlserver_auditing_enabled",
|
|
233
|
+
"keyvault_key_rotation_enabled",
|
|
234
|
+
"keyvault_logging_enabled",
|
|
235
|
+
"keyvault_private_endpoints",
|
|
236
|
+
"vm_ensure_attached_disks_encrypted_with_cmk",
|
|
237
|
+
"vm_backup_enabled",
|
|
238
|
+
"cosmosdb_account_use_private_endpoints",
|
|
239
|
+
"databricks_workspace_cmk_encryption_enabled",
|
|
240
|
+
"databricks_workspace_vnet_injection_enabled"
|
|
241
|
+
]
|
|
242
|
+
},
|
|
243
|
+
{
|
|
244
|
+
"Id": "164_308_a_4_ii_b",
|
|
245
|
+
"Name": "164.308(a)(4)(ii)(B) Access authorization",
|
|
246
|
+
"Description": "Implement policies and procedures for granting access to electronic protected health information, as one illustrative example, through access to a workstation, transaction, program, process, or other mechanism.",
|
|
247
|
+
"Attributes": [
|
|
248
|
+
{
|
|
249
|
+
"ItemId": "164_308_a_4_ii_b",
|
|
250
|
+
"Section": "164.308 Administrative Safeguards",
|
|
251
|
+
"Service": "azure"
|
|
252
|
+
}
|
|
253
|
+
],
|
|
254
|
+
"Checks": [
|
|
255
|
+
"iam_subscription_roles_owner_custom_not_created",
|
|
256
|
+
"iam_role_user_access_admin_restricted",
|
|
257
|
+
"iam_custom_role_has_permissions_to_administer_resource_locks",
|
|
258
|
+
"keyvault_rbac_enabled",
|
|
259
|
+
"aks_cluster_rbac_enabled",
|
|
260
|
+
"cosmosdb_account_use_aad_and_rbac",
|
|
261
|
+
"sqlserver_azuread_administrator_enabled",
|
|
262
|
+
"entra_global_admin_in_less_than_five_users"
|
|
263
|
+
]
|
|
264
|
+
},
|
|
265
|
+
{
|
|
266
|
+
"Id": "164_308_a_4_ii_c",
|
|
267
|
+
"Name": "164.308(a)(4)(ii)(C) Access establishment and modification",
|
|
268
|
+
"Description": "Implement policies and procedures that, based upon the covered entity's or the business associate's access authorization policies, establish, document, review, and modify a user's right of access to a workstation, transaction, program, or process.",
|
|
269
|
+
"Attributes": [
|
|
270
|
+
{
|
|
271
|
+
"ItemId": "164_308_a_4_ii_c",
|
|
272
|
+
"Section": "164.308 Administrative Safeguards",
|
|
273
|
+
"Service": "azure"
|
|
274
|
+
}
|
|
275
|
+
],
|
|
276
|
+
"Checks": [
|
|
277
|
+
"iam_subscription_roles_owner_custom_not_created",
|
|
278
|
+
"iam_role_user_access_admin_restricted",
|
|
279
|
+
"storage_key_rotation_90_days",
|
|
280
|
+
"keyvault_key_rotation_enabled",
|
|
281
|
+
"keyvault_rbac_key_expiration_set",
|
|
282
|
+
"keyvault_rbac_secret_expiration_set",
|
|
283
|
+
"entra_global_admin_in_less_than_five_users",
|
|
284
|
+
"entra_policy_default_users_cannot_create_security_groups",
|
|
285
|
+
"entra_policy_ensure_default_user_cannot_create_apps"
|
|
286
|
+
]
|
|
287
|
+
},
|
|
288
|
+
{
|
|
289
|
+
"Id": "164_308_a_5_ii_b",
|
|
290
|
+
"Name": "164.308(a)(5)(ii)(B) Protection from malicious software",
|
|
291
|
+
"Description": "Procedures for guarding against, detecting, and reporting malicious software.",
|
|
292
|
+
"Attributes": [
|
|
293
|
+
{
|
|
294
|
+
"ItemId": "164_308_a_5_ii_b",
|
|
295
|
+
"Section": "164.308 Administrative Safeguards",
|
|
296
|
+
"Service": "azure"
|
|
297
|
+
}
|
|
298
|
+
],
|
|
299
|
+
"Checks": [
|
|
300
|
+
"defender_ensure_defender_for_server_is_on",
|
|
301
|
+
"defender_ensure_wdatp_is_enabled",
|
|
302
|
+
"defender_assessments_vm_endpoint_protection_installed",
|
|
303
|
+
"defender_ensure_system_updates_are_applied",
|
|
304
|
+
"defender_container_images_scan_enabled",
|
|
305
|
+
"defender_container_images_resolved_vulnerabilities"
|
|
306
|
+
]
|
|
307
|
+
},
|
|
308
|
+
{
|
|
309
|
+
"Id": "164_308_a_5_ii_c",
|
|
310
|
+
"Name": "164.308(a)(5)(ii)(C) Log-in monitoring",
|
|
311
|
+
"Description": "Procedures for monitoring log-in attempts and reporting discrepancies.",
|
|
312
|
+
"Attributes": [
|
|
313
|
+
{
|
|
314
|
+
"ItemId": "164_308_a_5_ii_c",
|
|
315
|
+
"Section": "164.308 Administrative Safeguards",
|
|
316
|
+
"Service": "azure"
|
|
317
|
+
}
|
|
318
|
+
],
|
|
319
|
+
"Checks": [
|
|
320
|
+
"defender_ensure_defender_for_server_is_on",
|
|
321
|
+
"defender_ensure_mcas_is_enabled",
|
|
322
|
+
"monitor_diagnostic_setting_with_appropriate_categories",
|
|
323
|
+
"entra_security_defaults_enabled",
|
|
324
|
+
"sqlserver_auditing_enabled",
|
|
325
|
+
"keyvault_logging_enabled"
|
|
326
|
+
]
|
|
327
|
+
},
|
|
328
|
+
{
|
|
329
|
+
"Id": "164_308_a_5_ii_d",
|
|
330
|
+
"Name": "164.308(a)(5)(ii)(D) Password management",
|
|
331
|
+
"Description": "Procedures for creating, changing, and safeguarding passwords.",
|
|
332
|
+
"Attributes": [
|
|
333
|
+
{
|
|
334
|
+
"ItemId": "164_308_a_5_ii_d",
|
|
335
|
+
"Section": "164.308 Administrative Safeguards",
|
|
336
|
+
"Service": "entra"
|
|
337
|
+
}
|
|
338
|
+
],
|
|
339
|
+
"Checks": [
|
|
340
|
+
"entra_security_defaults_enabled",
|
|
341
|
+
"entra_privileged_user_has_mfa",
|
|
342
|
+
"entra_non_privileged_user_has_mfa",
|
|
343
|
+
"storage_key_rotation_90_days",
|
|
344
|
+
"keyvault_key_rotation_enabled",
|
|
345
|
+
"keyvault_rbac_key_expiration_set",
|
|
346
|
+
"keyvault_rbac_secret_expiration_set"
|
|
347
|
+
]
|
|
348
|
+
},
|
|
349
|
+
{
|
|
350
|
+
"Id": "164_308_a_6_i",
|
|
351
|
+
"Name": "164.308(a)(6)(i) Security incident procedures",
|
|
352
|
+
"Description": "Implement policies and procedures to address security incidents.",
|
|
353
|
+
"Attributes": [
|
|
354
|
+
{
|
|
355
|
+
"ItemId": "164_308_a_6_i",
|
|
356
|
+
"Section": "164.308 Administrative Safeguards",
|
|
357
|
+
"Service": "azure"
|
|
358
|
+
}
|
|
359
|
+
],
|
|
360
|
+
"Checks": [
|
|
361
|
+
"monitor_alert_create_update_nsg",
|
|
362
|
+
"monitor_alert_delete_nsg",
|
|
363
|
+
"monitor_alert_create_update_security_solution",
|
|
364
|
+
"monitor_alert_delete_security_solution",
|
|
365
|
+
"monitor_alert_service_health_exists",
|
|
366
|
+
"defender_ensure_defender_for_server_is_on",
|
|
367
|
+
"defender_ensure_notify_alerts_severity_is_high",
|
|
368
|
+
"defender_ensure_notify_emails_to_owners",
|
|
369
|
+
"defender_additional_email_configured_with_a_security_contact",
|
|
370
|
+
"defender_attack_path_notifications_properly_configured"
|
|
371
|
+
]
|
|
372
|
+
},
|
|
373
|
+
{
|
|
374
|
+
"Id": "164_308_a_6_ii",
|
|
375
|
+
"Name": "164.308(a)(6)(ii) Response and reporting",
|
|
376
|
+
"Description": "Identify and respond to suspected or known security incidents; mitigate, to the extent practicable, harmful effects of security incidents that are known to the covered entity or business associate; and document security incidents and their outcomes.",
|
|
377
|
+
"Attributes": [
|
|
378
|
+
{
|
|
379
|
+
"ItemId": "164_308_a_6_ii",
|
|
380
|
+
"Section": "164.308 Administrative Safeguards",
|
|
381
|
+
"Service": "azure"
|
|
382
|
+
}
|
|
383
|
+
],
|
|
384
|
+
"Checks": [
|
|
385
|
+
"monitor_diagnostic_setting_with_appropriate_categories",
|
|
386
|
+
"monitor_diagnostic_settings_exists",
|
|
387
|
+
"monitor_alert_create_update_nsg",
|
|
388
|
+
"monitor_alert_delete_nsg",
|
|
389
|
+
"defender_ensure_defender_for_server_is_on",
|
|
390
|
+
"defender_ensure_notify_alerts_severity_is_high",
|
|
391
|
+
"defender_ensure_notify_emails_to_owners",
|
|
392
|
+
"defender_additional_email_configured_with_a_security_contact",
|
|
393
|
+
"sqlserver_auditing_enabled",
|
|
394
|
+
"keyvault_logging_enabled",
|
|
395
|
+
"network_flow_log_captured_sent",
|
|
396
|
+
"app_http_logs_enabled"
|
|
397
|
+
]
|
|
398
|
+
},
|
|
399
|
+
{
|
|
400
|
+
"Id": "164_308_a_7_i",
|
|
401
|
+
"Name": "164.308(a)(7)(i) Contingency plan",
|
|
402
|
+
"Description": "Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.",
|
|
403
|
+
"Attributes": [
|
|
404
|
+
{
|
|
405
|
+
"ItemId": "164_308_a_7_i",
|
|
406
|
+
"Section": "164.308 Administrative Safeguards",
|
|
407
|
+
"Service": "azure"
|
|
408
|
+
}
|
|
409
|
+
],
|
|
410
|
+
"Checks": [
|
|
411
|
+
"vm_backup_enabled",
|
|
412
|
+
"vm_sufficient_daily_backup_retention_period",
|
|
413
|
+
"storage_blob_versioning_is_enabled",
|
|
414
|
+
"storage_ensure_soft_delete_is_enabled",
|
|
415
|
+
"storage_ensure_file_shares_soft_delete_is_enabled",
|
|
416
|
+
"storage_geo_redundant_enabled",
|
|
417
|
+
"keyvault_recoverable",
|
|
418
|
+
"sqlserver_auditing_retention_90_days"
|
|
419
|
+
]
|
|
420
|
+
},
|
|
421
|
+
{
|
|
422
|
+
"Id": "164_308_a_7_ii_a",
|
|
423
|
+
"Name": "164.308(a)(7)(ii)(A) Data backup plan",
|
|
424
|
+
"Description": "Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information.",
|
|
425
|
+
"Attributes": [
|
|
426
|
+
{
|
|
427
|
+
"ItemId": "164_308_a_7_ii_a",
|
|
428
|
+
"Section": "164.308 Administrative Safeguards",
|
|
429
|
+
"Service": "azure"
|
|
430
|
+
}
|
|
431
|
+
],
|
|
432
|
+
"Checks": [
|
|
433
|
+
"vm_backup_enabled",
|
|
434
|
+
"vm_sufficient_daily_backup_retention_period",
|
|
435
|
+
"storage_blob_versioning_is_enabled",
|
|
436
|
+
"storage_ensure_soft_delete_is_enabled",
|
|
437
|
+
"storage_ensure_file_shares_soft_delete_is_enabled",
|
|
438
|
+
"storage_geo_redundant_enabled",
|
|
439
|
+
"keyvault_recoverable",
|
|
440
|
+
"sqlserver_auditing_retention_90_days",
|
|
441
|
+
"postgresql_flexible_server_log_retention_days_greater_3"
|
|
442
|
+
]
|
|
443
|
+
},
|
|
444
|
+
{
|
|
445
|
+
"Id": "164_308_a_7_ii_b",
|
|
446
|
+
"Name": "164.308(a)(7)(ii)(B) Disaster recovery plan",
|
|
447
|
+
"Description": "Establish (and implement as needed) procedures to restore any loss of data.",
|
|
448
|
+
"Attributes": [
|
|
449
|
+
{
|
|
450
|
+
"ItemId": "164_308_a_7_ii_b",
|
|
451
|
+
"Section": "164.308 Administrative Safeguards",
|
|
452
|
+
"Service": "azure"
|
|
453
|
+
}
|
|
454
|
+
],
|
|
455
|
+
"Checks": [
|
|
456
|
+
"vm_backup_enabled",
|
|
457
|
+
"vm_sufficient_daily_backup_retention_period",
|
|
458
|
+
"storage_blob_versioning_is_enabled",
|
|
459
|
+
"storage_ensure_soft_delete_is_enabled",
|
|
460
|
+
"storage_geo_redundant_enabled",
|
|
461
|
+
"keyvault_recoverable"
|
|
462
|
+
]
|
|
463
|
+
},
|
|
464
|
+
{
|
|
465
|
+
"Id": "164_308_a_7_ii_c",
|
|
466
|
+
"Name": "164.308(a)(7)(ii)(C) Emergency mode operation plan",
|
|
467
|
+
"Description": "Establish (and implement as needed) procedures to enable continuation of critical business processes for protection of the security of electronic protected health information while operating in emergency mode.",
|
|
468
|
+
"Attributes": [
|
|
469
|
+
{
|
|
470
|
+
"ItemId": "164_308_a_7_ii_c",
|
|
471
|
+
"Section": "164.308 Administrative Safeguards",
|
|
472
|
+
"Service": "azure"
|
|
473
|
+
}
|
|
474
|
+
],
|
|
475
|
+
"Checks": [
|
|
476
|
+
"vm_backup_enabled",
|
|
477
|
+
"vm_sufficient_daily_backup_retention_period",
|
|
478
|
+
"storage_blob_versioning_is_enabled",
|
|
479
|
+
"storage_ensure_soft_delete_is_enabled",
|
|
480
|
+
"storage_geo_redundant_enabled",
|
|
481
|
+
"keyvault_recoverable"
|
|
482
|
+
]
|
|
483
|
+
},
|
|
484
|
+
{
|
|
485
|
+
"Id": "164_308_a_8",
|
|
486
|
+
"Name": "164.308(a)(8) Evaluation",
|
|
487
|
+
"Description": "Perform a periodic technical and nontechnical evaluation, based initially upon the standards implemented under this rule and subsequently, in response to environmental or operational changes affecting the security of electronic protected health information, that establishes the extent to which an entity's security policies and procedures meet the requirements of this subpart.",
|
|
488
|
+
"Attributes": [
|
|
489
|
+
{
|
|
490
|
+
"ItemId": "164_308_a_8",
|
|
491
|
+
"Section": "164.308 Administrative Safeguards",
|
|
492
|
+
"Service": "azure"
|
|
493
|
+
}
|
|
494
|
+
],
|
|
495
|
+
"Checks": [
|
|
496
|
+
"defender_ensure_defender_for_server_is_on",
|
|
497
|
+
"defender_ensure_mcas_is_enabled",
|
|
498
|
+
"sqlserver_vulnerability_assessment_enabled",
|
|
499
|
+
"sqlserver_va_periodic_recurring_scans_enabled",
|
|
500
|
+
"sqlserver_va_scan_reports_configured",
|
|
501
|
+
"sqlserver_va_emails_notifications_admins_enabled",
|
|
502
|
+
"policy_ensure_asc_enforcement_enabled"
|
|
503
|
+
]
|
|
504
|
+
},
|
|
505
|
+
{
|
|
506
|
+
"Id": "164_310_a_1",
|
|
507
|
+
"Name": "164.310(a)(1) Facility access controls",
|
|
508
|
+
"Description": "Implement policies and procedures to limit physical access to its electronic information systems and the facility or facilities in which they are housed, while ensuring that properly authorized access is allowed.",
|
|
509
|
+
"Attributes": [
|
|
510
|
+
{
|
|
511
|
+
"ItemId": "164_310_a_1",
|
|
512
|
+
"Section": "164.310 Physical Safeguards",
|
|
513
|
+
"Service": "azure"
|
|
514
|
+
}
|
|
515
|
+
],
|
|
516
|
+
"Checks": [
|
|
517
|
+
"network_ssh_internet_access_restricted",
|
|
518
|
+
"network_rdp_internet_access_restricted",
|
|
519
|
+
"network_http_internet_access_restricted",
|
|
520
|
+
"network_bastion_host_exists",
|
|
521
|
+
"vm_jit_access_enabled",
|
|
522
|
+
"aks_clusters_public_access_disabled",
|
|
523
|
+
"aks_clusters_created_with_private_nodes"
|
|
524
|
+
]
|
|
525
|
+
},
|
|
526
|
+
{
|
|
527
|
+
"Id": "164_310_d_1",
|
|
528
|
+
"Name": "164.310(d)(1) Device and media controls",
|
|
529
|
+
"Description": "Implement policies and procedures that govern the receipt and removal of hardware and electronic media that contain electronic protected health information into and out of a facility, and the movement of these items within the facility.",
|
|
530
|
+
"Attributes": [
|
|
531
|
+
{
|
|
532
|
+
"ItemId": "164_310_d_1",
|
|
533
|
+
"Section": "164.310 Physical Safeguards",
|
|
534
|
+
"Service": "azure"
|
|
535
|
+
}
|
|
536
|
+
],
|
|
537
|
+
"Checks": [
|
|
538
|
+
"storage_ensure_encryption_with_customer_managed_keys",
|
|
539
|
+
"storage_infrastructure_encryption_is_enabled",
|
|
540
|
+
"vm_ensure_attached_disks_encrypted_with_cmk",
|
|
541
|
+
"vm_ensure_unattached_disks_encrypted_with_cmk",
|
|
542
|
+
"vm_ensure_using_managed_disks",
|
|
543
|
+
"sqlserver_tde_encryption_enabled",
|
|
544
|
+
"databricks_workspace_cmk_encryption_enabled"
|
|
545
|
+
]
|
|
546
|
+
},
|
|
547
|
+
{
|
|
548
|
+
"Id": "164_312_a_1",
|
|
549
|
+
"Name": "164.312(a)(1) Access control",
|
|
550
|
+
"Description": "Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in 164.308(a)(4).",
|
|
551
|
+
"Attributes": [
|
|
552
|
+
{
|
|
553
|
+
"ItemId": "164_312_a_1",
|
|
554
|
+
"Section": "164.312 Technical Safeguards",
|
|
555
|
+
"Service": "azure"
|
|
556
|
+
}
|
|
557
|
+
],
|
|
558
|
+
"Checks": [
|
|
559
|
+
"storage_blob_public_access_level_is_disabled",
|
|
560
|
+
"storage_default_network_access_rule_is_denied",
|
|
561
|
+
"storage_ensure_private_endpoints_in_storage_accounts",
|
|
562
|
+
"sqlserver_unrestricted_inbound_access",
|
|
563
|
+
"network_ssh_internet_access_restricted",
|
|
564
|
+
"network_rdp_internet_access_restricted",
|
|
565
|
+
"network_http_internet_access_restricted",
|
|
566
|
+
"iam_subscription_roles_owner_custom_not_created",
|
|
567
|
+
"iam_role_user_access_admin_restricted",
|
|
568
|
+
"entra_privileged_user_has_mfa",
|
|
569
|
+
"containerregistry_not_publicly_accessible",
|
|
570
|
+
"app_function_not_publicly_accessible",
|
|
571
|
+
"aisearch_service_not_publicly_accessible",
|
|
572
|
+
"cosmosdb_account_firewall_use_selected_networks",
|
|
573
|
+
"cosmosdb_account_use_private_endpoints",
|
|
574
|
+
"aks_clusters_public_access_disabled"
|
|
575
|
+
]
|
|
576
|
+
},
|
|
577
|
+
{
|
|
578
|
+
"Id": "164_312_a_2_i",
|
|
579
|
+
"Name": "164.312(a)(2)(i) Unique user identification",
|
|
580
|
+
"Description": "Assign a unique name and/or number for identifying and tracking user identity.",
|
|
581
|
+
"Attributes": [
|
|
582
|
+
{
|
|
583
|
+
"ItemId": "164_312_a_2_i",
|
|
584
|
+
"Section": "164.312 Technical Safeguards",
|
|
585
|
+
"Service": "azure"
|
|
586
|
+
}
|
|
587
|
+
],
|
|
588
|
+
"Checks": [
|
|
589
|
+
"sqlserver_auditing_enabled",
|
|
590
|
+
"sqlserver_azuread_administrator_enabled",
|
|
591
|
+
"entra_security_defaults_enabled",
|
|
592
|
+
"storage_default_to_entra_authorization_enabled",
|
|
593
|
+
"cosmosdb_account_use_aad_and_rbac",
|
|
594
|
+
"postgresql_flexible_server_entra_id_authentication_enabled"
|
|
595
|
+
]
|
|
596
|
+
},
|
|
597
|
+
{
|
|
598
|
+
"Id": "164_312_a_2_ii",
|
|
599
|
+
"Name": "164.312(a)(2)(ii) Emergency access procedure",
|
|
600
|
+
"Description": "Establish (and implement as needed) procedures for obtaining necessary electronic protected health information during an emergency.",
|
|
601
|
+
"Attributes": [
|
|
602
|
+
{
|
|
603
|
+
"ItemId": "164_312_a_2_ii",
|
|
604
|
+
"Section": "164.312 Technical Safeguards",
|
|
605
|
+
"Service": "azure"
|
|
606
|
+
}
|
|
607
|
+
],
|
|
608
|
+
"Checks": [
|
|
609
|
+
"vm_backup_enabled",
|
|
610
|
+
"vm_sufficient_daily_backup_retention_period",
|
|
611
|
+
"storage_blob_versioning_is_enabled",
|
|
612
|
+
"storage_ensure_soft_delete_is_enabled",
|
|
613
|
+
"storage_geo_redundant_enabled",
|
|
614
|
+
"keyvault_recoverable"
|
|
615
|
+
]
|
|
616
|
+
},
|
|
617
|
+
{
|
|
618
|
+
"Id": "164_312_a_2_iv",
|
|
619
|
+
"Name": "164.312(a)(2)(iv) Encryption and decryption",
|
|
620
|
+
"Description": "Implement a mechanism to encrypt and decrypt electronic protected health information.",
|
|
621
|
+
"Attributes": [
|
|
622
|
+
{
|
|
623
|
+
"ItemId": "164_312_a_2_iv",
|
|
624
|
+
"Section": "164.312 Technical Safeguards",
|
|
625
|
+
"Service": "azure"
|
|
626
|
+
}
|
|
627
|
+
],
|
|
628
|
+
"Checks": [
|
|
629
|
+
"storage_ensure_encryption_with_customer_managed_keys",
|
|
630
|
+
"storage_infrastructure_encryption_is_enabled",
|
|
631
|
+
"storage_secure_transfer_required_is_enabled",
|
|
632
|
+
"sqlserver_tde_encryption_enabled",
|
|
633
|
+
"sqlserver_tde_encrypted_with_cmk",
|
|
634
|
+
"keyvault_key_rotation_enabled",
|
|
635
|
+
"vm_ensure_attached_disks_encrypted_with_cmk",
|
|
636
|
+
"vm_ensure_unattached_disks_encrypted_with_cmk",
|
|
637
|
+
"databricks_workspace_cmk_encryption_enabled",
|
|
638
|
+
"monitor_storage_account_with_activity_logs_cmk_encrypted"
|
|
639
|
+
]
|
|
640
|
+
},
|
|
641
|
+
{
|
|
642
|
+
"Id": "164_312_b",
|
|
643
|
+
"Name": "164.312(b) Audit controls",
|
|
644
|
+
"Description": "Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.",
|
|
645
|
+
"Attributes": [
|
|
646
|
+
{
|
|
647
|
+
"ItemId": "164_312_b",
|
|
648
|
+
"Section": "164.312 Technical Safeguards",
|
|
649
|
+
"Service": "azure"
|
|
650
|
+
}
|
|
651
|
+
],
|
|
652
|
+
"Checks": [
|
|
653
|
+
"monitor_diagnostic_setting_with_appropriate_categories",
|
|
654
|
+
"monitor_diagnostic_settings_exists",
|
|
655
|
+
"monitor_alert_create_policy_assignment",
|
|
656
|
+
"monitor_alert_delete_policy_assignment",
|
|
657
|
+
"monitor_alert_create_update_nsg",
|
|
658
|
+
"monitor_alert_delete_nsg",
|
|
659
|
+
"monitor_alert_create_update_sqlserver_fr",
|
|
660
|
+
"monitor_alert_delete_sqlserver_fr",
|
|
661
|
+
"sqlserver_auditing_enabled",
|
|
662
|
+
"sqlserver_auditing_retention_90_days",
|
|
663
|
+
"keyvault_logging_enabled",
|
|
664
|
+
"network_watcher_enabled",
|
|
665
|
+
"network_flow_log_captured_sent",
|
|
666
|
+
"network_flow_log_more_than_90_days",
|
|
667
|
+
"app_http_logs_enabled",
|
|
668
|
+
"appinsights_ensure_is_configured",
|
|
669
|
+
"postgresql_flexible_server_log_checkpoints_on",
|
|
670
|
+
"postgresql_flexible_server_log_connections_on",
|
|
671
|
+
"postgresql_flexible_server_log_disconnections_on",
|
|
672
|
+
"mysql_flexible_server_audit_log_enabled",
|
|
673
|
+
"mysql_flexible_server_audit_log_connection_activated"
|
|
674
|
+
]
|
|
675
|
+
},
|
|
676
|
+
{
|
|
677
|
+
"Id": "164_312_c_1",
|
|
678
|
+
"Name": "164.312(c)(1) Integrity",
|
|
679
|
+
"Description": "Implement policies and procedures to protect electronic protected health information from improper alteration or destruction.",
|
|
680
|
+
"Attributes": [
|
|
681
|
+
{
|
|
682
|
+
"ItemId": "164_312_c_1",
|
|
683
|
+
"Section": "164.312 Technical Safeguards",
|
|
684
|
+
"Service": "azure"
|
|
685
|
+
}
|
|
686
|
+
],
|
|
687
|
+
"Checks": [
|
|
688
|
+
"storage_ensure_encryption_with_customer_managed_keys",
|
|
689
|
+
"storage_blob_versioning_is_enabled",
|
|
690
|
+
"storage_secure_transfer_required_is_enabled",
|
|
691
|
+
"keyvault_key_rotation_enabled",
|
|
692
|
+
"keyvault_recoverable",
|
|
693
|
+
"sqlserver_tde_encryption_enabled",
|
|
694
|
+
"vm_ensure_attached_disks_encrypted_with_cmk"
|
|
695
|
+
]
|
|
696
|
+
},
|
|
697
|
+
{
|
|
698
|
+
"Id": "164_312_c_2",
|
|
699
|
+
"Name": "164.312(c)(2) Mechanism to authenticate electronic protected health information",
|
|
700
|
+
"Description": "Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner.",
|
|
701
|
+
"Attributes": [
|
|
702
|
+
{
|
|
703
|
+
"ItemId": "164_312_c_2",
|
|
704
|
+
"Section": "164.312 Technical Safeguards",
|
|
705
|
+
"Service": "azure"
|
|
706
|
+
}
|
|
707
|
+
],
|
|
708
|
+
"Checks": [
|
|
709
|
+
"storage_ensure_encryption_with_customer_managed_keys",
|
|
710
|
+
"storage_blob_versioning_is_enabled",
|
|
711
|
+
"storage_secure_transfer_required_is_enabled",
|
|
712
|
+
"keyvault_key_rotation_enabled",
|
|
713
|
+
"keyvault_logging_enabled",
|
|
714
|
+
"sqlserver_auditing_enabled",
|
|
715
|
+
"network_flow_log_captured_sent"
|
|
716
|
+
]
|
|
717
|
+
},
|
|
718
|
+
{
|
|
719
|
+
"Id": "164_312_d",
|
|
720
|
+
"Name": "164.312(d) Person or entity authentication",
|
|
721
|
+
"Description": "Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed.",
|
|
722
|
+
"Attributes": [
|
|
723
|
+
{
|
|
724
|
+
"ItemId": "164_312_d",
|
|
725
|
+
"Section": "164.312 Technical Safeguards",
|
|
726
|
+
"Service": "entra"
|
|
727
|
+
}
|
|
728
|
+
],
|
|
729
|
+
"Checks": [
|
|
730
|
+
"entra_security_defaults_enabled",
|
|
731
|
+
"entra_privileged_user_has_mfa",
|
|
732
|
+
"entra_non_privileged_user_has_mfa",
|
|
733
|
+
"entra_conditional_access_policy_require_mfa_for_management_api",
|
|
734
|
+
"entra_user_with_vm_access_has_mfa",
|
|
735
|
+
"entra_trusted_named_locations_exists",
|
|
736
|
+
"sqlserver_azuread_administrator_enabled",
|
|
737
|
+
"postgresql_flexible_server_entra_id_authentication_enabled"
|
|
738
|
+
]
|
|
739
|
+
},
|
|
740
|
+
{
|
|
741
|
+
"Id": "164_312_e_1",
|
|
742
|
+
"Name": "164.312(e)(1) Transmission security",
|
|
743
|
+
"Description": "Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.",
|
|
744
|
+
"Attributes": [
|
|
745
|
+
{
|
|
746
|
+
"ItemId": "164_312_e_1",
|
|
747
|
+
"Section": "164.312 Technical Safeguards",
|
|
748
|
+
"Service": "azure"
|
|
749
|
+
}
|
|
750
|
+
],
|
|
751
|
+
"Checks": [
|
|
752
|
+
"storage_secure_transfer_required_is_enabled",
|
|
753
|
+
"storage_ensure_minimum_tls_version_12",
|
|
754
|
+
"sqlserver_recommended_minimal_tls_version",
|
|
755
|
+
"app_minimum_tls_version_12",
|
|
756
|
+
"app_ensure_http_is_redirected_to_https",
|
|
757
|
+
"app_ensure_using_http20",
|
|
758
|
+
"app_function_ftps_deployment_disabled",
|
|
759
|
+
"app_ftp_deployment_disabled",
|
|
760
|
+
"network_ssh_internet_access_restricted",
|
|
761
|
+
"network_rdp_internet_access_restricted",
|
|
762
|
+
"mysql_flexible_server_minimum_tls_version_12",
|
|
763
|
+
"mysql_flexible_server_ssl_connection_enabled",
|
|
764
|
+
"postgresql_flexible_server_enforce_ssl_enabled"
|
|
765
|
+
]
|
|
766
|
+
},
|
|
767
|
+
{
|
|
768
|
+
"Id": "164_312_e_2_i",
|
|
769
|
+
"Name": "164.312(e)(2)(i) Integrity controls",
|
|
770
|
+
"Description": "Implement security measures to ensure that electronically transmitted electronic protected health information is not improperly modified without detection until disposed of.",
|
|
771
|
+
"Attributes": [
|
|
772
|
+
{
|
|
773
|
+
"ItemId": "164_312_e_2_i",
|
|
774
|
+
"Section": "164.312 Technical Safeguards",
|
|
775
|
+
"Service": "azure"
|
|
776
|
+
}
|
|
777
|
+
],
|
|
778
|
+
"Checks": [
|
|
779
|
+
"monitor_diagnostic_setting_with_appropriate_categories",
|
|
780
|
+
"storage_secure_transfer_required_is_enabled",
|
|
781
|
+
"storage_ensure_minimum_tls_version_12",
|
|
782
|
+
"storage_blob_versioning_is_enabled",
|
|
783
|
+
"defender_ensure_defender_for_server_is_on",
|
|
784
|
+
"sqlserver_auditing_enabled",
|
|
785
|
+
"keyvault_logging_enabled",
|
|
786
|
+
"network_flow_log_captured_sent"
|
|
787
|
+
]
|
|
788
|
+
},
|
|
789
|
+
{
|
|
790
|
+
"Id": "164_312_e_2_ii",
|
|
791
|
+
"Name": "164.312(e)(2)(ii) Encryption",
|
|
792
|
+
"Description": "Implement a mechanism to encrypt electronic protected health information whenever deemed appropriate.",
|
|
793
|
+
"Attributes": [
|
|
794
|
+
{
|
|
795
|
+
"ItemId": "164_312_e_2_ii",
|
|
796
|
+
"Section": "164.312 Technical Safeguards",
|
|
797
|
+
"Service": "azure"
|
|
798
|
+
}
|
|
799
|
+
],
|
|
800
|
+
"Checks": [
|
|
801
|
+
"storage_ensure_encryption_with_customer_managed_keys",
|
|
802
|
+
"storage_infrastructure_encryption_is_enabled",
|
|
803
|
+
"storage_secure_transfer_required_is_enabled",
|
|
804
|
+
"storage_ensure_minimum_tls_version_12",
|
|
805
|
+
"sqlserver_tde_encryption_enabled",
|
|
806
|
+
"sqlserver_tde_encrypted_with_cmk",
|
|
807
|
+
"sqlserver_recommended_minimal_tls_version",
|
|
808
|
+
"keyvault_key_rotation_enabled",
|
|
809
|
+
"vm_ensure_attached_disks_encrypted_with_cmk",
|
|
810
|
+
"vm_ensure_unattached_disks_encrypted_with_cmk",
|
|
811
|
+
"app_minimum_tls_version_12",
|
|
812
|
+
"app_ensure_http_is_redirected_to_https",
|
|
813
|
+
"mysql_flexible_server_minimum_tls_version_12",
|
|
814
|
+
"mysql_flexible_server_ssl_connection_enabled",
|
|
815
|
+
"postgresql_flexible_server_enforce_ssl_enabled",
|
|
816
|
+
"databricks_workspace_cmk_encryption_enabled"
|
|
817
|
+
]
|
|
818
|
+
}
|
|
819
|
+
]
|
|
820
|
+
}
|