Ensure that EFS file systems are included in a comprehensive backup plan.
Rule | EFS file systems should be in a backup plan |
Framework | HIPAA |
Severity | ✔ High |
EFS File Systems Backup Plan for HIPAA Compliance
Overview of the Rule
The Health Insurance Portability and Accountability Act (HIPAA) requires that electronic protected health information (ePHI) be safeguarded against threats, data loss, and unauthorized access. For organizations using AWS Elastic File System (EFS), this means that EFS file systems containing sensitive health information must be backed up regularly to meet HIPAA's data protection requirements.
Compliance Details
Troubleshooting Steps
If issues arise when setting up the backup plan, follow these troubleshooting steps:
Necessary Commands
Here is a step-by-step guide to creating and managing EFS backups using AWS CLI commands.
Step 1: Install or Update AWS CLI
# Install or update the AWS CLI
pip install awscli --upgrade --user
Step 2: Configure AWS CLI
# Configure AWS CLI with your credentials
aws configure
Step 3: Create a Backup Vault
# Create a backup vault for EFS
aws backup create-backup-vault --backup-vault-name "EFSBackupVault" --region your-region
Step 4: Create a Backup Plan
# Define a backup plan JSON file
# (the RecoveryPointTags entry is a placeholder key/value; replace it with your own tags)
echo '{
  "BackupPlan": {
    "BackupPlanName": "EFSBackupPlan",
    "Rules": [
      {
        "RuleName": "DailyBackup",
        "TargetBackupVaultName": "EFSBackupVault",
        "ScheduleExpression": "cron(0 0 * * ? *)",
        "StartWindowMinutes": 60,
        "CompletionWindowMinutes": 120,
        "Lifecycle": {
          "MoveToColdStorageAfterDays": 30,
          "DeleteAfterDays": 365
        },
        "RecoveryPointTags": {
          "string": "string"
        }
      }
    ]
  }
}' > backup-plan.json

# Create backup plan using a JSON file.
# The file wraps the plan in a top-level "BackupPlan" key, which is the full request
# shape read by --cli-input-json (--backup-plan accepts only the inner object).
aws backup create-backup-plan --cli-input-json file://backup-plan.json --region your-region
Step 5: Assign Resources to Backup Plan
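# Assign EFS file system to the backup plan.
# create-backup-selection takes the resource ARNs inside --backup-selection, together
# with a selection name and the IAM role that AWS Backup assumes.
# "EFSSelection" and backup-role-name are placeholders.
aws backup create-backup-selection \
  --backup-plan-id backup-plan-id-generated \
  --backup-selection '{
    "SelectionName": "EFSSelection",
    "IamRoleArn": "arn:aws:iam::account-id:role/backup-role-name",
    "Resources": ["arn:aws:elasticfilesystem:your-region:account-id:file-system/file-system-id"]
  }' \
  --region your-region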
Step 6: Monitor Backup Jobs
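# List the backup jobs written to the backup plan's vault.
# list-backup-jobs has no backup-plan-ID filter, so filter by the plan's target vault and by resource type.
aws backup list-backup-jobs --by-backup-vault-name "EFSBackupVault" --by-resource-type EFS --region your-region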
Step 7: Verify the Backup
# Describe a specific backup job
aws backup describe-backup-job --backup-job-id backup-job-id-generated --region your-region
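An added example, not part of the original guide: a Python check for the rule itself, listing the EFS file systems that no backup selection names. The function names (aws, collect, audit) are chosen here, and the sample data is constructed. It assumes `*` in a selection ARN behaves as a glob and reports tag-based selections for manual review instead of evaluating them.

```python
import json
import subprocess
from fnmatch import fnmatchcase

def aws(*args):
    """Run an AWS CLI command (installed and configured) and parse its JSON output."""
    cmd = ["aws", *args, "--output", "json"]
    return json.loads(subprocess.run(cmd, check=True, capture_output=True, text=True).stdout)

def collect(region):
    """Fetch EFS ARNs and the selections of every backup plan in one region."""
    r = ["--region", region]
    fs = [f["FileSystemArn"] for f in aws("efs", "describe-file-systems", *r)["FileSystems"]]
    selections = []
    for plan in aws("backup", "list-backup-plans", *r)["BackupPlansList"]:
        p = ["--backup-plan-id", plan["BackupPlanId"]]
        for s in aws("backup", "list-backup-selections", *p, *r)["BackupSelectionsList"]:
            detail = aws("backup", "get-backup-selection", *p,
                         "--selection-id", s["SelectionId"], *r)
            selections.append(detail["BackupSelection"])
    return fs, selections

def audit(fs_arns, selections):
    """Return (ARNs that no ARN-based selection names, names of tag-based selections)."""
    def by_tag(s):
        return bool(s.get("ListOfTags")) or any((s.get("Conditions") or {}).values())
    def names(s, arn):
        if any(fnmatchcase(arn, p) for p in s.get("NotResources") or []):
            return False  # explicitly excluded from this selection
        return any(fnmatchcase(arn, p) for p in s.get("Resources") or [])
    # Assumption: tag-based selections are skipped and reported for manual review,
    # so the result errs toward flagging a file system rather than passing it.
    arn_only = [s for s in selections if not by_tag(s)]
    missing = [a for a in fs_arns if not any(names(s, a) for s in arn_only)]
    return missing, [s["SelectionName"] for s in selections if by_tag(s)]

# Constructed sample data in the shape of get-backup-selection output (no real account).
EFS = "arn:aws:elasticfilesystem:us-east-1:111122223333:file-system/"
SAMPLE_FS = [EFS + "fs-0aaa0000", EFS + "fs-0bbb0000"]
SAMPLE_SELECTIONS = [
    {"SelectionName": "AllEfsButScratch", "Conditions": {"StringEquals": []},
     "Resources": ["arn:aws:elasticfilesystem:*:*:file-system/*"],
     "NotResources": [EFS + "fs-0bbb0000"]},
    {"SelectionName": "ByTag", "Resources": ["*"], "ListOfTags": [
        {"ConditionType": "STRINGEQUALS", "ConditionKey": "backup", "ConditionValue": "true"}]},
]

if __name__ == "__main__":
    print(audit(SAMPLE_FS, SAMPLE_SELECTIONS))
```

Against a live account, call audit(*collect("your-region")); any ARN in the first list is a file system that breaks this rule unless one of the reported tag-based selections covers it.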
Remediation Steps
If a backup job fails or you discover that the EFS file system is not being backed up properly, take the following remediation steps:
In summary, for HIPAA compliance, it is essential to routinely back up EFS file systems containing ePHI using AWS Backup, configure the backups with encryption, and monitor the backup jobs closely. Follow the provided steps to set up and manage EFS backups, remediate any issues with them, and ensure that your organization meets HIPAA's data protection requirements.