Updating HIPAA for AIX 7.1 to newer benchmarks
This document provides information about the hotfix containing Health Insurance Portability and Accountability Act (HIPAA) intermediate templates for AIX version 7.1, implementing 140 rules, which can be installed on BladeLogic Server Automation 8.9.00 or 8.9.01.
These templates are designed to cover section 164 of the HIPAA standard, which defines security requirements for electronic protected health information (ePHI). They can be used to assist organizations covered under HIPAA in checking commonly implemented controls from the Security Rule (Administrative and Technical Safeguards, sections 164.308 and 164.312). Controls from these sections that apply to operating systems are implemented in the templates. Select rules from this policy and parameterize the values of the required compliance and remediation checks according to your organization's policy and the applicability of the HIPAA controls.
Before you begin
Before you install this hotfix, ensure that you perform the following:
- Ensure that all compliance content provided by BMC in your environment is at least updated to version 8.9.
- Save backup copies of the sensors folders, which are present on all Application Servers in your environment. The sensors folders contain the extended object scripts and are located at the following path on an Application Server:
Step 1: Downloading and installing the files
Download the HIPAA - AIX 7.1.zip and extended_objects.zip packages from the following FTP location:
You must be logged on to this page to view the FTP URL.
Verify the downloaded content by using the following checksums.
HIPAA - AIX 7.1.zip
Verify the extended objects present on the Application Server. If the md5sums match, replace them. If the md5sums do not match, you must merge the fixes manually.
Extended Objects shipped with this template (part of extended_objects.zip)
|Extended object||MD5 checksum|
|EO-Parameter_denied_entries||112504a4d8b576ea0f8dbe5c0d62cb8e|
|EO-Parameter_functions||ed23f3484f3434c63bc4cc88a10db0a2|
|findFiles||a8f8cd85f51909469c7ababe54476278|
|lib_filehandling||02b20b456161c97e947c4a1007a8c8bd|
|lib_user||6a18e4a6e6715a5553c7c86970276c4f|
|lib_utils||6e4d93dbd395e312804a154a6035f12d|
- Move the HIPAA - AIX 7.1.zip package to your RCP client server.
- Extract the contents from the extended_objects.zip package and move them to a temporary location on all Application Servers.
Step 2: Replacing the extended object scripts on all Application Servers
Ensure that you perform the following steps on all the Application Servers in your environment:
- Navigate to the extended objects script files on your Application Server:
Step 3: Importing the Compliance Content
- Log on to the Console.
- Right-click Component Templates and select Import.
The Import Wizard starts.
- Select the Import (Version-neutral) option.
- Select the updated HIPAA - AIX 7.1 zip package and click Next.
The HIPAA templates for AIX 7.1 are available in the HIPAA - AIX 7.1 zip package. To import the templates, select them in the wizard.
Ensure that you select the Update objects according to the imported package and Preserve template group path options before you click Next.
Navigate to the last screen of the wizard and then click Finish.
The templates are imported successfully.
Rules within the templates
The following are the details of the 140 rules provided in the HIPAA - AIX 7.1 zip package. It contains the following types of rules:
- 138 rules that check for compliance and provide remediation
- 2 rules that check for compliance but do not provide remediation
The following tables list the rules along with comments.
|Rules with compliance checks but no remediation||Comments|
|164.308(a)(4)(ii)(B) Access Authorization: Configuring SSH - removal of .shosts files||Remediation is not provided. Removal of files must be done manually by System Administrator.|
|164.308(a)(5)(ii)(B) Protection from Malicious Software: Configuring SSH - installation||Remediation is not provided. Package must be installed manually.|
|Rules with compliance checks and with remediation||Comments|
|164.308(a)(4)(ii)(B) Access Authorization: Configuring SSH - limit access via SSH||For this rule to produce correct compliance results, set the values of the following local properties, separated by spaces: SSH_ALLOW_GROUPS, SSH_ALLOW_USERS, SSH_DENY_GROUPS, and SSH_DENY_USERS|
The following table lists the local properties used by the rules.
|Rule in which property is used||Local property name||Value|
|164.308(a)(4)(ii)(B) Access Authorization: Configuring SSH - banner configuration-2 and 164.308(a)(5)(ii)(A) Security Reminders: Miscellaneous Enhancements - login herald|| ||Unauthorized use of this system is prohibited.|
|164.308(a)(4)(ii)(B) Access Authorization: Configuring SSH - set Idle Timeout Interval for User Login-2|| || |
|164.308(a)(4)(ii)(B) Access Authorization: Configuring SSH - set Idle Timeout Interval for User Login-1|| || |
|164.308(a)(5)(ii)(A) Security Reminders: /etc/mail/sendmail.cf - permissions and ownership|| || |
|164.308(a)(5)(ii)(A) Security Reminders: /etc/mail/sendmail.cf - SmtpGreetingMessage|| || |
|164.308(a)(4)(ii)(B) Access Authorization: Configuring SSH - limit access via SSH||SSH_ALLOW_GROUPS, SSH_ALLOW_USERS, SSH_DENY_GROUPS, and SSH_DENY_USERS||Empty/Blank|
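As an added example (not BMC's code and not part of the hotfix or its extended objects), the following POSIX shell script shows the kind of check the "limit access via SSH" rule performs: it reads an sshd_config and compares the AllowGroups, AllowUsers, DenyGroups and DenyUsers directives with the space-separated values that the SSH_ALLOW_GROUPS, SSH_ALLOW_USERS, SSH_DENY_GROUPS and SSH_DENY_USERS local properties are meant to carry. The sample configuration, user names and group names are constructed; the template's actual extended-object logic is not reproduced here.

```shell
#!/bin/sh
# Added example, not part of the BMC template or this page: a stand-alone
# check modelled on the "limit access via SSH" rule. It compares the effective
# AllowGroups/AllowUsers/DenyGroups/DenyUsers directives of an sshd_config
# with expected space-separated lists, the way the template's local properties
# SSH_ALLOW_GROUPS, SSH_ALLOW_USERS, SSH_DENY_GROUPS and SSH_DENY_USERS are
# parameterised. The sample configuration below is constructed.

# sshd_get CONFIG KEYWORD: value of the first matching directive (sshd honours
# the first occurrence), skipping comments and stopping at the first Match block.
sshd_get() {
    awk -v key="$2" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) {
            sub(/^[ \t]*[^ \t]+[ \t]+/, ""); print; exit
        }' "$1"
}

# normalise LIST: sort a space-separated list so ordering and extra whitespace
# do not produce a false non-compliance finding.
normalise() { printf '%s\n' "$1" | tr -s ' ' '\n' | sort | tr '\n' ' ' | sed 's/ $//'; }

# check_ssh_access CONFIG ALLOW_GROUPS ALLOW_USERS DENY_GROUPS DENY_USERS
# Reports each directive; returns 0 only when all four match. An empty expected
# value means the directive must be absent or empty.
check_ssh_access() {
    cfg=$1; rc=0
    for pair in "AllowGroups=$2" "AllowUsers=$3" "DenyGroups=$4" "DenyUsers=$5"; do
        key=${pair%%=*}
        want=$(normalise "${pair#*=}")
        have=$(normalise "$(sshd_get "$cfg" "$key")")
        if [ "$have" = "$want" ]; then
            echo "COMPLIANT     $key: '$have'"
        else
            echo "NON-COMPLIANT $key: have '$have', want '$want'"; rc=1
        fi
    done
    return $rc
}

# Constructed sample sshd_config: DenyUsers is deliberately not set.
SAMPLE_CFG=$(mktemp)
trap 'rm -f "$SAMPLE_CFG"' EXIT
printf '%s\n' '# constructed sample, not a real host' 'AllowGroups sshusers wheel' \
    'AllowUsers   alice bob' 'DenyGroups nossh' > "$SAMPLE_CFG"
# Expected values as a site would enter them in the four local properties.
check_ssh_access "$SAMPLE_CFG" "wheel sshusers" "alice bob" "nossh" "guest" ||
    echo "review the NON-COMPLIANT lines above"
```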