This rule ensures CloudFront distributions require encryption in transit.
| Field | Value |
|---|---|
| Rule | CloudFront distributions should require encryption in transit |
| Framework | HIPAA |
| Severity | High |
Rule Description:
This rule ensures that every CloudFront distribution used to handle Protected Health Information (PHI) under HIPAA regulations is configured to require encryption in transit. Encryption in transit protects data transmitted between the client and the CloudFront edge locations from unauthorized access or interception.
Troubleshooting Steps:
If the encryption in transit requirement is not met, you can follow these troubleshooting steps:
Check the CloudFront distribution settings for encryption:
Verify that the SSL/TLS certificate used is valid and properly configured:
Test the encryption in transit:
Check the CloudFront distribution's Origin settings:
Necessary Codes:
No specific code is required for this rule. However, you might need to modify or update your CloudFront distribution settings.
Step-by-Step Guide for Remediation:
Follow these steps to ensure that the CloudFront distribution requires encryption in transit for HIPAA compliance:
1. Log in to the AWS Management Console.
2. Navigate to the Amazon CloudFront service.
3. Select your CloudFront distribution associated with HIPAA data.
4. Click on the "Behaviors" tab.
5. Review the existing settings and ensure that the following options are configured correctly:
   - Security Policy: Verify that the security policy selected supports encryption in transit according to HIPAA requirements. It is recommended to choose the latest available security policy.
   - Viewer Protocol Policy: Set it to "Redirect HTTP to HTTPS" to enforce HTTPS communication between clients and CloudFront.
   - Allowed HTTP Methods: Only allow secure HTTP methods such as GET and HEAD.
   - Query String Forwarding and Caching: Configure as per your specific application requirements.
   - HTTPS Only: Enable this option to enforce HTTPS connections only.
6. Review the Origin settings:
7. Save the changes to update the CloudFront distribution configuration.
8. Test the configuration:
By following these steps, you will ensure that your CloudFront distribution is configured to require encryption in transit for HIPAA compliance.
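
The viewer protocol policy, security policy and origin settings reviewed in the steps above can also be checked offline against an exported distribution configuration. The Python below is an added example, not part of the original rule text or of any AWS tooling; it assumes the `DistributionConfig` JSON shape returned by the CloudFront API, and the threshold (anything below TLS 1.2 is flagged), the function name and the sample values are constructed for illustration.

```python
# Added example: offline check of one CloudFront DistributionConfig document.
WEAK_TLS = {"SSLv3", "TLSv1", "TLSv1_2016", "TLSv1.1_2016"}  # assumed threshold: below TLS 1.2
ENFORCING = {"redirect-to-https", "https-only"}  # viewer policies that never serve plain HTTP


def transit_findings(config):
    """Return (location, problem) tuples for settings that permit unencrypted transit."""
    findings = []
    behaviors = [("DefaultCacheBehavior", config["DefaultCacheBehavior"])]
    for b in config.get("CacheBehaviors", {}).get("Items", []):
        behaviors.append((f"CacheBehavior {b['PathPattern']}", b))

    viewer_http_possible = False
    for name, b in behaviors:
        policy = b.get("ViewerProtocolPolicy")
        if policy not in ENFORCING:
            viewer_http_possible = True
            findings.append((name, f"ViewerProtocolPolicy={policy}"))

    tls = config.get("ViewerCertificate", {}).get("MinimumProtocolVersion")
    if tls in WEAK_TLS:
        findings.append(("ViewerCertificate", f"MinimumProtocolVersion={tls}"))

    for o in config.get("Origins", {}).get("Items", []):
        # S3 origins carry S3OriginConfig instead and are skipped here.
        policy = o.get("CustomOriginConfig", {}).get("OriginProtocolPolicy")
        # match-viewer only reaches the origin over HTTP if a viewer can use HTTP.
        if policy == "http-only" or (policy == "match-viewer" and viewer_http_possible):
            findings.append((f"Origin {o['Id']}", f"OriginProtocolPolicy={policy}"))
    return findings


# Constructed sample (not a real distribution).
SAMPLE = {
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "redirect-to-https"},
    "CacheBehaviors": {"Quantity": 1, "Items": [
        {"PathPattern": "/legacy/*", "ViewerProtocolPolicy": "allow-all"}]},
    "ViewerCertificate": {"MinimumProtocolVersion": "TLSv1.1_2016"},
    "Origins": {"Quantity": 3, "Items": [
        {"Id": "phi-bucket", "S3OriginConfig": {"OriginAccessIdentity": ""}},
        {"Id": "api-origin", "CustomOriginConfig": {"OriginProtocolPolicy": "match-viewer"}},
        {"Id": "static-origin", "CustomOriginConfig": {"OriginProtocolPolicy": "https-only"}}]},
}

if __name__ == "__main__":
    for location, problem in transit_findings(SAMPLE):
        print(f"FAIL {location}: {problem}")
```

To run it against a real distribution, pass the `DistributionConfig` object from the output of `aws cloudfront get-distribution-config` to `transit_findings`.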