...

Welcome to the ClearDATA customer documentation for Amazon Web Services (AWS). Our solutions for AWS allow healthcare and life science organizations to innovate safely in the cloud by leveraging our Automated Safeguards and additional guidance covering commonly used AWS products.

...

Automated Safeguards

Our safeguards ensure Healthcare and Life Sciences organizations can use native AWS cloud services in a safe and compliant manner, as introduced in our CTO Matt Ferrari's blog post.  Click on the Automated Safeguard Name for more information.

...

  • Customer can define Administrators
  • Administrators can create additional users and assign them to ClearDATA approved groups

...

  • Ports and port ranges are in our standard whitelist
  • Ports and port ranges are in pre-approved customer-specific whitelist

...

  • Access Logs are enabled for all API Stages

...

  • HTTPS protocol and/or port 443
  • Access logging enabled
  • Appropriate TLS version

...

ALB listener is deleted immediately after creation.

Access logging is enabled transparently after ALB is provisioned.

...

  • Encryption in motion when connecting to S3

...

  • Encryption at rest with a KMS key
  • Point-in-time backups are enabled

...

Tables encrypted with the DEFAULT key are deleted.

Backups are enabled if they are not already enabled.

...

  • CIS hardened OS
  • Malware Protection
  • Log Management
  • Encryption at rest

...

  • Encryption at rest
  • Encryption in motion
  • Vulnerability Scanning
  • Audit Logging

...

  • Encryption at rest
  • Vulnerability Scanning
  • Audit Logging

...

  • Encryption at rest
  • Encryption in motion between cluster nodes
  • Cluster is not publicly available

...

  • Encryption at rest
  • Encryption in motion between cluster nodes
  • Cluster is not publicly available

...

  • Encryption at rest

...

  • Encryption at rest

...

  • Encryption at rest
  • Splunk is not allowed as a destination

...

  • Encryption at rest
  • Encryption in motion, via a parameter group
  • Backups are enabled with at least 14 day retention
  • Audit logs are enabled
  • Cluster is not publicly available

...

  • Instance deployed in private subnet
  • Encryption at rest
  • Encryption in Motion (where applicable)
  • Backups enabled

...

  • Encryption in motion for Hyperparameter Tuning jobs

...

  • Encryption at rest

...

  • Log Monitoring Status
  • Versioning Enabled Status
  • Static Webhosting Status
  • Bucket Policy Status
  • Buckets ACL Status
  • Policy PUT Encryption
  • Secure Transport

...

  • Access Logs are enabled for all SFTP Servers

...

Automated Safeguards Alerting

ClearDATA Automated Safeguards both alert and remediate when a compliance violation is detected.  Customers can subscribe to the alerts by following the article Automated Safeguards - Subscribe to Compliance Alerts.

Automated Safeguards Remediation

ClearDATA Automated Safeguards perform an automated remediation to either fix a violation or remove the offending service, ensuring there are no compliance concerns. The remediation actions are unique to each Automated Safeguard and are documented on each Automated Safeguard's detailed page. Customers can exclude both individual services and entire AWS accounts (such as dev and test) from automated remediation by following the appropriate article:

Automated Safeguards - Exclude an AWS Account From Automated Remediation

Automated Safeguards - Exclude an AWS Object from Automated Remediation

Platform Features

ClearDATA Solution for AWS also includes features focused on helping our customers effectively consume the AWS platform. Click on the Feature Name for more information.

...

“Have It Your Way” With AMI Customization

Additional Guidance

Our customers can also use additional AWS products by following appropriate guidance, which our Customer Success Managers provide on request. See ClearDATA Supported Services for a full list of those services.

Access to additional Amazon products can also be reviewed on a case-by-case basis to ensure compliance is always achieved.

Table of Contents

  See Compliance Reference for a list of all supported AWS services and features.

At a high level, ClearDATA allows for our automation to run securely on your AWS account using Automated Safeguards.

Compliance Reference

Lists the controls we implement per service and provides service-specific guidance on staying compliant on your end.

Getting Started

Get started with the ClearDATA AWS platform, including configuring how to receive alerts for Automated Safeguard evaluations.

How-To Guides

Perform specific tasks for our platform features, such as our Custom AMI feature.