
Map rules to HIPAA Technical Safeguards #392

Closed
3 tasks done
crd1985 opened this issue May 13, 2019 · 2 comments
Comments

@crd1985
Contributor

crd1985 commented May 13, 2019

Taking advantage of current PCI DSS mapping and HIPAA equivalences, we can map the current ruleset to the HIPAA Technical Safeguards, according to the following table:

| PCI DSS 3.0 | HIPAA |
|---|---|
| 2,4 | 164.310(b): Workstation Use - R<br>164.310(c): Workstation Security - R |
| 6.1<br>6.2<br>11.2 | 164.310(b): Workstation Use - R<br>164.310(c): Workstation Security - R |
| 2.1<br>7.1 - 7.3<br>8.1 - 8.3<br>8.7 | 164.310(b): Workstation Use - R<br>164.310(c): Workstation Security - R |
| 2.2<br>2.3<br>6.2<br>11.5 | 164.310(b): Workstation Use - R<br>164.310(c): Workstation Security - R |
| 10.1 - 10.7 | 164.308(a)(1): Security Management Process - Information System Activity Review R<br>164.308(a)(5): Security Awareness and Training - Log-in Monitoring A |
| 2.2<br>2.3<br>6.2<br>11.5 | 164.310(b): Workstation Use - R<br>164.310(c): Workstation Security - R |
| 5.1 - 5.4 | 164.308(a)(5): Security Awareness and Training - Protection from Malicious Software A<br>164.310(d)(1): Device and Media Controls - Accountability A<br>164.310(b): Workstation Use - R<br>164.310(c): Workstation Security - R |
| 1,4 | 164.310(b): Workstation Use - R<br>164.310(c): Workstation Security - R |
| 4.3<br>9.5 - 9.7 | 164.308(a)(7): Contingency Plan - Data Backup Plan R<br>164.308(a)(7): Contingency Plan - Disaster Recovery Plan R<br>164.308(a)(7): Contingency Plan - Testing and Revision Procedure A<br>164.310(d)(1): Device and Media Controls - Data Backup and Storage A |
| 3.6<br>4.1 - 4.3 | 164.308(a)(4): Information Access Management - Isolating Health care Clearinghouse Function R<br>164.310(d)(1): Device and Media Controls - Accountability A<br>164.312(a)(1): Access Control - Encryption and Decryption A<br>164.312(e)(1): Transmission Security - Integrity Controls A<br>164.312(e)(1): Transmission Security - Encryption A |
| 1.3 - 1.4<br>4.3<br>7.1 - 7.3<br>8.7 | 164.308(a)(1): Security Management Process - Information System Activity Review R<br>164.308(a)(4): Information Access Management - Isolating Health care Clearinghouse Function R<br>164.308(a)(4): Information Access Management - Access Authorization A<br>164.312(a)(1): Access Control - Encryption and Decryption A<br>164.312(c)(1): Integrity - Mechanism to Authenticate Electronic Protected Health Information A<br>164.312(a)(1): Access Control - Automatic Logoff A<br>164.312(d): Person or Entity Authentication - R<br>164.312(e)(1): Transmission Security - Integrity Controls A<br>164.312(e)(1): Transmission Security - Encryption A |
| 7.1 - 7.3<br>8.7 - 8.8 | 164.308(a)(1): Security Management Process - Information System Activity Review R<br>164.308(a)(4): Information Access Management - Access Authorization A<br>164.308(a)(4): Information Access Management - Access Establishment and Modification A<br>164.308(a)(5): Security Awareness and Training - Password Management A<br>164.312(a)(1): Access Control - Unique User Identification R<br>164.312(a)(1): Access Control - Automatic Logoff A<br>164.312(d): Person or Entity Authentication - R<br>164.312(e)(1): Transmission Security - Integrity Controls A<br>164.312(e)(1): Transmission Security - Encryption A |
| 12,6 | 164.308(a)(5): Security Awareness and Training - Security Reminders A<br>164.308(a)(5): Security Awareness and Training - Protection from Malicious Software A<br>164.308(a)(5): Security Awareness and Training - Log-in Monitoring A<br>164.308(a)(5): Security Awareness and Training - Password Management A |
| 12.10 | 164.308(a)(6): Security Incident Procedures - Response and Reporting R |

Tasks:

  • Get equivalences 1-to-1 from PCI DSS to HIPAA using ruleset naming convention
  • Write a Python script to do the mapping automatically
  • Once mapping is done, review and test rules are applied properly
@crd1985 crd1985 added enhancement rules Rules related issues labels May 13, 2019
@crd1985 crd1985 self-assigned this May 13, 2019
@crd1985
Contributor Author

crd1985 commented May 13, 2019

@santiago-bassett

This is the result of comparing PCI DSS 3.2 versus HIPAA security standards:

```json
{
  "pci_dss_1.1.1": "hipaa_164.312.a.1",
  "pci_dss_1.3.4": "hipaa_164.312.a.1",
  "pci_dss_1.4": "hipaa_164.312.a.1",
  "pci_dss_10.1": "hipaa_164.312.b",
  "pci_dss_10.2.1": "hipaa_164.312.b",
  "pci_dss_10.2.2": "hipaa_164.312.b",
  "pci_dss_10.2.4": "hipaa_164.312.b",
  "pci_dss_10.2.5": "hipaa_164.312.b",
  "pci_dss_10.2.6": "hipaa_164.312.b",
  "pci_dss_10.2.7": "hipaa_164.312.b",
  "pci_dss_10.4": "hipaa_164.312.b",
  "pci_dss_10.5.2": "hipaa_164.312.b",
  "pci_dss_10.5.5": "hipaa_164.312.b",
  "pci_dss_10.6": "hipaa_164.312.b",
  "pci_dss_10.6.1": "hipaa_164.312.b",
  "pci_dss_11.4": "#N/A",
  "pci_dss_11.5": "hipaa_164.312.c.1,hipaa_164.312.c.2",
  "pci_dss_2.2": "#N/A",
  "pci_dss_2.2.3": "#N/A",
  "pci_dss_4.1": "hipaa_164.312.a.2.IV,hipaa_164.312.e.1,hipaa_164.312.e.2.I,hipaa_164.312.e.2.II",
  "pci_dss_5.1": "#N/A",
  "pci_dss_5.2": "#N/A",
  "pci_dss_6.2": "#N/A",
  "pci_dss_6.5": "#N/A",
  "pci_dss_6.5.1": "#N/A",
  "pci_dss_6.5.10": "#N/A",
  "pci_dss_6.5.2": "#N/A",
  "pci_dss_6.5.5": "#N/A",
  "pci_dss_6.5.7": "#N/A",
  "pci_dss_6.5.8": "#N/A",
  "pci_dss_6.6": "#N/A",
  "pci_dss_8.1.2": "hipaa_164.312.a.2.I,hipaa_164.312.a.2.II",
  "pci_dss_8.1.4": "hipaa_164.312.a.1",
  "pci_dss_8.1.5": "hipaa_164.312.a.1",
  "pci_dss_8.1.6": "hipaa_164.312.a.1",
  "pci_dss_8.1.8": "hipaa_164.312.a.2.III",
  "pci_dss_8.2.4": "hipaa_164.312.d",
  "pci_dss_8.7": "hipaa_164.312.d,hipaa_164.312.e.1,hipaa_164.312.e.2.I,hipaa_164.312.e.2.II"
}
```

Some of the sections in the PCI standard cannot be matched to a HIPAA one, which could be OK because PCI DSS is much wider than HIPAA (considering only the Technical Safeguards, which are the ones that concern Wazuh).

@AdriiiPRodri is working on the script to automatically edit rules files using the mapping above.

@crd1985 crd1985 added this to the 20th week milestone May 13, 2019
@AdriiiPRodri
Contributor

AdriiiPRodri commented May 13, 2019

Status update

A script has been added to map the new standard and add it to our ruleset. The script checks whether the standard has been previously added or not, so that it is also valid to update the ruleset as many times as necessary.

https://github.com/wazuh/wazuh-ruleset/blob/392-HIPAA-standard/tools/map-security-standard/map_standard.py

```
adriiiprodri@Wazuh:~/Desktop/git/wazuh-ruleset/tools/map-security-standard$ python map_standard.py -h
usage: map_standard.py [-h] [--path PATH] [--schema SCHEMA]

optional arguments:
  -h, --help       show this help message and exit
  -p PATH --path       Rules path
  -s SCHEMA --schema   Schema path
adriiiprodri@UnKnown:~/Desktop/git/wazuh-ruleset/tools/map-security-standard$ python map_standard.py 
[INFO] Processing 0500-owncloud_rules.xml
[INFO] Processing 0350-amazon_rules.xml
[INFO] Processing 0230-ms-se_rules.xml
[INFO] Processing 0025-sendmail_rules.xml
[INFO] Processing 0245-web_rules.xml
[INFO] Processing 0310-openbsd_rules.xml
[INFO] Processing 0016-wazuh_rules.xml
[INFO] Processing 0480-qualysguard_rules.xml
[INFO] Processing 0055-courier_rules.xml
[INFO] Processing 0430-ms_wdefender_rules.xml
[INFO] Processing 0585-win-application_rules.xml
[INFO] Processing 0510-ciscat_rules.xml
[INFO] Processing 0140-roundcube_rules.xml
[INFO] Processing 0525-openvas_rules.xml
[INFO] Processing 0085-pam_rules.xml
[INFO] Processing 0540-pfsense_rules.xml
[INFO] Processing 0605-win-mcafee_rules.xml
[INFO] Processing 0530-mysql_audit_rules.xml
[INFO] Processing 0365-auditd_rules.xml
[INFO] Processing 0175-proftpd_rules.xml
[INFO] Processing 0095-sshd_rules.xml
[INFO] Processing 0345-netscaler_rules.xml
[INFO] Processing 0470-vshell_rules.xml
[INFO] Processing 0075-cisco-ios_rules.xml
[INFO] Processing 0385-oscap_rules.xml
[INFO] Processing 0040-imapd_rules.xml
[INFO] Processing 0325-opensmtpd_rules.xml
[INFO] Processing 0360-serv-u_rules.xml
[INFO] Processing 0315-apparmor_rules.xml
[INFO] Processing 0320-clam_av_rules.xml
[INFO] Processing 0300-postgresql_rules.xml
[INFO] Processing 0450-mongodb_rules.xml
[INFO] Processing 0340-puppet_rules.xml
[INFO] Processing 0020-syslog_rules.xml
[INFO] Processing 0210-vpn_concentrator_rules.xml
[INFO] Processing 0120-symantec-av_rules.xml
[INFO] Processing 0435-ms_logs_rules.xml
[INFO] Processing 0010-rules_config.xml
[INFO] Processing 0080-sonicwall_rules.xml
[INFO] Processing 0110-ms_dhcp_rules.xml
[INFO] Processing 0580-win-security_rules.xml
[INFO] Processing 0295-mysql_rules.xml
[INFO] Processing 0185-vsftpd_rules.xml
[INFO] Processing 0555-azure_rules.xml
[INFO] Processing 0415-sophos_rules.xml
[INFO] Processing 0565-ms_ipsec_rules.xml
[INFO] Processing 0155-dovecot_rules.xml
[INFO] Processing 0425-cisco-estreamer_rules.xml
[INFO] Processing 0220-msauth_rules.xml
[INFO] Processing 0560-docker_integration_rules.xml
[INFO] Processing 0485-cylance_rules.xml
[INFO] Processing 0030-postfix_rules.xml
[INFO] Processing 0600-win-wdefender_rules.xml
[INFO] Processing 0135-hordeimp_rules.xml
[INFO] Processing 0160-vmpop3d_rules.xml
[INFO] Processing 0195-named_rules.xml
[INFO] Processing 0335-unbound_rules.xml
[INFO] Processing 0065-pix_rules.xml
[INFO] Processing 0620-win-generic_rules.xml
[INFO] Processing 0105-asterisk_rules.xml
[INFO] Processing 0305-dropbear_rules.xml
[INFO] Processing 0115-arpwatch_rules.xml
[INFO] Processing 0165-vpopmail_rules.xml
[INFO] Processing 0235-vmware_rules.xml
[INFO] Processing 0270-web_appsec_rules.xml
[INFO] Processing 0045-mailscanner_rules.xml
[INFO] Processing 0455-docker_rules.xml
[INFO] Processing 0255-zeus_rules.xml
[INFO] Processing 0515-exim_rules.xml
[INFO] Processing 0285-systemd_rules.xml
[INFO] Processing 0125-symantec-ws_rules.xml
[INFO] Processing 0375-usb_rules.xml
[INFO] Processing 0390-fortigate_rules.xml
[INFO] Processing 0410-imperva_rules.xml
[INFO] Processing 0380-redis_rules.xml
[INFO] Processing 0420-freeipa_rules.xml
[INFO] Processing 0215-policy_rules.xml
[INFO] Processing 0170-ftpd_rules.xml
[INFO] Processing 0490-virustotal_rules.xml
[INFO] Processing 0405-rsa-auth-manager_rules.xml
[INFO] Processing 0200-smbd_rules.xml
[INFO] Processing 0615-win-ms-se_rules.xml
[INFO] Processing 0050-ms-exchange_rules.xml
[INFO] Processing 0575-win-base_rules.xml
[INFO] Processing 0610-win-ms_logs_rules.xml
[INFO] Processing 0130-trend-osce_rules.xml
[INFO] Processing 0535-mariadb_rules.xml
[INFO] Processing 0505-vuls_rules.xml
[INFO] Processing 0260-nginx_rules.xml
[INFO] Processing 0240-ids_rules.xml
[INFO] Processing 0440-ms_sqlserver_rules.xml
[INFO] Processing 0590-win-system_rules.xml
[INFO] Processing 0550-kaspersky_rules.xml
[INFO] Processing 0290-firewalld_rules.xml
[INFO] Processing 0395-hp_rules.xml
[INFO] Processing 0190-ms_ftpd_rules.xml
[INFO] Processing 0445-identity_guard_rules.xml
[INFO] Processing 0520-vulnerability-detector_rules.xml
[INFO] Processing 0330-sysmon_rules.xml
[INFO] Processing 0090-telnetd_rules.xml
[INFO] Processing 0100-solaris_bsm_rules.xml
[INFO] Processing 0015-ossec_rules.xml
[INFO] Processing 0225-mcafee_av_rules.xml
[INFO] Processing 0400-openvpn_rules.xml
[INFO] Processing 0265-php_rules.xml
[INFO] Processing 0250-apache_rules.xml
[INFO] Processing 0495-proxmox-ve_rules.xml
[INFO] Processing 0070-netscreenfw_rules.xml
[INFO] Processing 0275-squid_rules.xml
[INFO] Processing 0180-pure-ftpd_rules.xml
[INFO] Processing 0545-osquery_rules.xml
[INFO] Processing 0035-spamd_rules.xml
[INFO] Processing 0205-racoon_rules.xml
[INFO] Processing 0145-wordpress_rules.xml
[INFO] Processing 0460-jenkins_rules.xml
[INFO] Processing 0060-firewall_rules.xml
[INFO] Processing 0595-win-sysmon_rules.xml
[INFO] Processing 0570-sca_rules.xml
[INFO] Processing 0475-suricata_rules.xml
[INFO] Processing 0150-cimserver_rules.xml
[INFO] Processing 0280-attack_rules.xml
```
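The two comments above describe the two halves of the job: the PCI DSS to HIPAA JSON mapping (including `#N/A` entries that must be skipped), and a script that appends the derived `hipaa_*` tags to each rule's `<group>` list while staying idempotent, so it can be re-run as the ruleset is updated. The following is an added, self-contained illustration of that procedure; it is not the project's `map_standard.py` and does not reproduce its code. The `PCI_TO_HIPAA` dictionary is a constructed subset of the mapping posted in this issue, the rule snippet is constructed (rule ids in the 100000 range, not real Wazuh rules), and the helper names `hipaa_tags_for`, `map_group` and `map_rules_xml` are this example's own.

```python
import re

# Constructed subset of the PCI DSS -> HIPAA mapping posted in this issue.
# "#N/A" marks PCI sections with no HIPAA Technical Safeguard equivalent.
PCI_TO_HIPAA = {
    "pci_dss_10.2.4": "hipaa_164.312.b",
    "pci_dss_10.2.5": "hipaa_164.312.b",
    "pci_dss_10.6.1": "hipaa_164.312.b",
    "pci_dss_11.4": "#N/A",
    "pci_dss_11.5": "hipaa_164.312.c.1,hipaa_164.312.c.2",
    "pci_dss_4.1": "hipaa_164.312.a.2.IV,hipaa_164.312.e.1,hipaa_164.312.e.2.I,hipaa_164.312.e.2.II",
    "pci_dss_8.7": "hipaa_164.312.d,hipaa_164.312.e.1,hipaa_164.312.e.2.I,hipaa_164.312.e.2.II",
}

STANDARD_PREFIX = "hipaa_"

# Only the per-rule <group> element (no attributes) holds the tag list; the
# file-level <group name="..."> container is deliberately left alone.
GROUP_RE = re.compile(r"<group>([^<]*)</group>")

# Constructed rules-file fragment in the Wazuh ruleset layout (ids are fictitious).
SAMPLE_RULES = """<group name="syslog,sshd,">
  <rule id="100001" level="5">
    <if_sid>5700</if_sid>
    <match>illegal user|invalid user</match>
    <description>sshd: attempt to log in using a non-existent user</description>
    <group>invalid_login,authentication_failed,pci_dss_10.2.4,pci_dss_10.2.5,pci_dss_10.6.1,</group>
  </rule>
  <rule id="100002" level="3">
    <if_sid>5700</if_sid>
    <description>sshd: remote administrative access (constructed)</description>
    <group>pci_dss_8.7,pci_dss_11.4,</group>
  </rule>
</group>
"""


def hipaa_tags_for(tags):
    """Return the HIPAA tags implied by the PCI DSS tags in `tags`, in first-seen order."""
    out = []
    for tag in tags:
        target = PCI_TO_HIPAA.get(tag)
        if not target or target == "#N/A":
            continue  # unmapped or explicitly unmatched section
        for hipaa_tag in target.split(","):
            if hipaa_tag not in out:
                out.append(hipaa_tag)
    return out


def map_group(group_text):
    """Rewrite one <group> value: keep existing tags, append only missing hipaa_ tags.

    Re-running on already-mapped text returns it unchanged, which is what makes
    the whole pass safe to repeat after ruleset updates.
    """
    tags = [t.strip() for t in group_text.split(",") if t.strip()]
    existing = {t for t in tags if t.startswith(STANDARD_PREFIX)}
    new_tags = [h for h in hipaa_tags_for(tags) if h not in existing]
    if not new_tags:
        return group_text  # nothing to add: leave the original text byte-for-byte
    # Wazuh rule files conventionally terminate the tag list with a trailing comma.
    return ",".join(tags + new_tags) + ","


def map_rules_xml(xml_text):
    """Apply map_group to every per-rule <group> element in a rules-file body.

    Text substitution (rather than re-serialising a parsed tree) preserves the
    file's comments, indentation and the multiple top-level <group> containers.
    """
    return GROUP_RE.sub(lambda m: "<group>" + map_group(m.group(1)) + "</group>", xml_text)


if __name__ == "__main__":
    mapped = map_rules_xml(SAMPLE_RULES)
    print(mapped)
    # Second pass is a no-op: the script is safe to re-run.
    assert map_rules_xml(mapped) == mapped
```

Running the block prints the constructed fragment with `hipaa_164.312.b` appended to the first rule and the four `hipaa_164.312.d`/`e.*` tags appended to the second, while `pci_dss_11.4` contributes nothing because it is `#N/A`; a second pass over the output changes nothing. The text-substitution approach is worth keeping in mind for this kind of ruleset edit: a DOM round-trip would strip comments and reflow the files, which makes the resulting diff hard to review.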
