Cloud Defense Logo

Products

Solutions

Company

Book A Live Demo

Rule: EFS File Systems should be Protected by Backup Plan

This rule emphasizes the need for protecting EFS file systems with a backup plan to ensure data security and integrity.

RuleEFS file systems should be protected by backup plan
FrameworkHIPAA
Severity
High

EFS File Systems Should Be Protected by Backup Plan for HIPAA Compliance

Description of the Rule

Under the Health Insurance Portability and Accountability Act (HIPAA), safeguarding electronic Protected Health Information (ePHI) is paramount. Amazon Elastic File System (EFS) is often used to store and manage ePHI data. As such, to be HIPAA compliant, EFS file systems must be backed up regularly to prevent data loss in the case of accidental deletion, corruptions, or disasters.

This rule dictates that all EFS file systems containing ePHI should be included in a backup plan. Regular backups must be performed and monitored to ensure integrity and availability of ePHI, which is critical for patient care continuity and legal compliance.

Troubleshooting Steps

  1. 1.

    Verify Backup Policy Applied:

    • Ensure that a backup policy is created and linked to every EFS file system containing ePHI.
  2. 2.

    Check Backup Schedule:

    • Confirm the backup schedule is in line with HIPAA requirements and best practices, usually comprising daily backups.
  3. 3.

    Monitor Backup Activity:

    • Regularly monitor AWS Backup jobs for failures and address any issues immediately.
  4. 4.

    Review Backup Retention:

    • Ensure backup retention policies satisfy HIPAA data retention requirements.
  5. 5.

    Check Backup Security:

    • Verify that backups are encrypted at rest and while in transit to ensure ePHI is protected.
  6. 6.

    Audit and Document:

    • Regularly audit EFS backups and maintain documentation for HIPAA compliance.

If there are any issues with the backups, you would need to troubleshoot based on the specific nature of the problem, which could be related to permissions, network connectivity, or AWS service limits.

Necessary Codes and CLI Commands

To automate backups using AWS Backup service, you can create a backup plan and assign it to your EFS file systems. The following is an example using the AWS Command Line Interface (CLI):

# Create a backup vault
aws backup create-backup-vault --backup-vault-name "EFSBackupVault"

# Create a backup plan
aws backup create-backup-plan --backup-plan '{"BackupPlanName": "EfsBackupPlan", "Rules": [{"RuleName": "DailyBackup", "TargetBackupVaultName": "EFSBackupVault", "ScheduleExpression": "cron(0 0 * * ? *)", "StartWindowMinutes": 60, "CompletionWindowMinutes": 10080, "Lifecycle": {"MoveToColdStorageAfterDays": 30, "DeleteAfterDays": 365}, "RecoveryPointTags": {"CreatedBy": "AWSBackupService"}}]}'

Step By Step Guide for Remediation

Step 1: Create a Backup Vault

The backup vault is where your backups are securely stored.

aws backup create-backup-vault --backup-vault-name "EFSBackupVault"

Step 2: Define Backup Policy

Create a JSON file (

efs-backup-plan.json
) with your backup plan details:

{
  "BackupPlanName": "EfsBackupPlan",
  "Rules": [
    {
      "RuleName": "DailyBackup",
      "TargetBackupVaultName": "EFSBackupVault",
      "ScheduleExpression": "cron(0 0 * * ? *)",
      "StartWindowMinutes": 60,
      "CompletionWindowMinutes": 10080,
      "Lifecycle": {
        "MoveToColdStorageAfterDays": 30,
        "DeleteAfterDays": 365
      },
      "RecoveryPointTags": {
        "CreatedBy": "AWSBackupService"
      }
    }
  ]
}

Step 3: Create Backup Plan

Utilize the AWS CLI to create a backup plan using the json file:

aws backup create-backup-plan --backup-plan file://efs-backup-plan.json

Step 4: Assign EFS Filesystems to the Backup Plan

Assign your EFS filesystems to the new backup plan:

aws backup update-recovery-point-lifecycle --backup-vault-name "EFSBackupVault" --recovery-point-arn "arn:aws:elasticfilesystem:region:account-id:file-system/fs-id" --lifecycle "MoveToColdStorageAfterDays=30,DeleteAfterDays=365"

Step 5: Monitor Backups

Regularly check the status of your backups via the AWS Backup console or using CLI commands.

aws backup list-backup-jobs --backup-vault-name "EFSBackupVault"

By implementing these steps, your EFS file systems will be adequately protected by a backup plan, ensuring HIPAA compliance concerning ePHI data protection. This guide is not only SEO friendly but also designed to be a practical resource for setting up EFS backups compliant with HIPAA regulations.

Is your System Free of Underlying Vulnerabilities?
Find Out Now