Overview

AWS Transfer for SFTP is a fully managed service that enables the transfer of files directly into and out of Amazon S3 using the Secure File Transfer Protocol (SFTP)—also known as Secure Shell (SSH) File Transfer Protocol.

Pricing Guidelines

AWS Transfer for SFTP is priced based on the number of SFTP servers, how long they are used, and the amount of data transferred.  Please see AWS Transfer for SFTP Pricing for details.

Architecture

AWS Transfer for SFTP provisions a fully managed SFTP server and connects the SFTP service to an S3 bucket.  The ClearDATA Automated Safeguards for Transfer for SFTP and S3 ensure that both services meet the compliance requirements of healthcare.  The Transfer for SFTP service is meant to be highly available, scalable, and secure, and to offer elastic authentication options.  For a full list of Transfer for SFTP features, please see AWS Transfer for SFTP Features.

Automated Safeguards

ClearDATA Automated Safeguards for AWS Transfer for SFTP help ensure that not only is the data transmitted over the SFTP service encrypted and secure, but a proper audit record of all activity is available.  ClearDATA ensures that the SFTP logs are sent to CloudWatch for easy recording and viewing.

Compliance Guidance

Audit Logging

HIPAA Technical Safeguard 45 CFR § 164.312(b) requires a Covered Entity to “Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.”  

Remediation

If the option to send all logs to CloudWatch is not selected, ClearDATA automatically and transparently configures all audit logs to be sent to CloudWatch.

Shared Responsibility

ClearDATA is responsible for ensuring encryption of the storage, as well as encryption of all data in transit.

Please contact your ClearDATA team for a copy of the Responsibilities Matrix.

Exclusion

Exclusions can be done on the SFTP server.  Please contact ClearDATA Support if you require a Safeguard exclusion.

Reference Architecture Diagram

ClearDATA IAM Group

Users can be added to the Safeguard-SFTP IAM group in order to access the Transfer for SFTP service.

RACI


| Item | ClearDATA | Customer |
| --- | --- | --- |
| Enforcement of Automated Safeguards | RA | IC |
| Creation, Deletion, and all other user management | C | RA |
| Provision SFTP servers | C | RA |
| Ensure any service excluded from automated remediation does not contain any PHI/PII | IC | RA |
