AWS Transfer for SFTP is a fully managed service that enables the transfer of files directly into and out of Amazon S3 using the Secure File Transfer Protocol (SFTP)—also known as Secure Shell (SSH) File Transfer Protocol.
AWS Transfer for SFTP is priced based on the number of SFTP servers, how long they are used, and the amount of data transferred. Please see AWS Transfer for SFTP Pricing for details.
AWS Transfer for SFTP provisions a fully managed SFTP server and connects the SFTP service to an S3 bucket. The ClearDATA Automated Safeguards for Transfer for SFTP and S3 ensure that both services meet the compliance requirements of healthcare. The Transfer for SFTP service is meant to be highly available, scalable, and secure, and to offer elastic authentication options. For a full list of Transfer for SFTP features, please see AWS Transfer for SFTP Features.
ClearDATA Automated Safeguards for AWS Transfer for SFTP help ensure not only that the data transmitted over the SFTP service is encrypted and secure, but also that a proper audit record of all activity is available. ClearDATA ensures that the SFTP logs are sent to CloudWatch for easy recording and viewing.
HIPAA Technical Safeguard 45 CFR § 164.312(b) requires a Covered Entity to “Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.”
If the option to send all logs to CloudWatch is not selected, ClearDATA automatically and transparently configures all audit logs to be sent to CloudWatch.
ClearDATA is responsible for ensuring encryption of the storage, as well as encryption of all data in transit.
Please contact your ClearDATA team for a copy of the Responsibilities Matrix.
Exclusions can be made on the SFTP server. Please contact ClearDATA Support if you require a Safeguard exclusion.
Reference Architecture Diagram
ClearDATA IAM Group
Users can be added to the Safeguard-SFTP IAM group in order to access the Transfer for SFTP service.
Enforcement of Automated Safeguards
Creation, Deletion, and all other user management
Provision SFTP servers
Ensure any service excluded from automated remediation does not contain any PHI/PII