Unsupported content

   

This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

Updating HIPPA for AIX 7.1 to newer benchmarks

This document provides information about the hotfix containing Health Insurance Portability and Accountability Act (HIPPA) intermediate templates for AIX version 7.1, with implementation for 140 rules that can be installed on BladeLogic Server Automation 8.9.00 or 8.9.01.

These templates are designed to cover section 164 of HIPAA standard, which explains security for electronic protected health information (ePHI). They can be used to assist organizations covered under HIPAA in checking commonly implemented controls in security rules (Administrative and Technical safeguards, section 164.308 and 164.312). Controls that are applicable for operating systems from these sections are implemented in these templates. You should select rules from this policy and parameterize values of required compliance and remediation checks as per their organization`s policy and applicability of HIPAA controls.

Note

Implementing this policy does not make an entity HIPAA compliant. This policy should be considered as reference guide and resource tool only.

Before you begin

Before you install this hotfix, ensure that you perform the following:

  • Ensure that all compliance content provided by BMC in your environment is at least updated to version 8.9.
  • Save backup copies of the sensors folders, which are present on all Application Servers in your environment. The sensors folders contain extended object scripts and is located at the following path on an Application Server:
    <Application_Server_installation_directory >/share/sensors

Step 1: Downloading and installing the files

  1. Download the HIPAA - AIX 7.1.zip and extended_objects.zip packages from the following FTP location:

    Note

    You must be logged on to this page to view the FTP URL.

     Click here to expand checksum related infromation

    Verify the downloaded content by using the following check sums.

    S.No

    File Name

    MD5SUM

    1

    HIPAA - AIX 7.1.zip

    a201b0195757723f66e502ca6807cc5f

    2

    extended_objects.zip

    a8d71af7a7cef8ca43bf1525fbd9d8f5

    Verify the extended objects present on the application. If the md5sums match, go ahead and replace them. If these md5sums do not match, you must manually merge the fixes.

    Extended Objects shipped with this template (part of extended_objects.zip)

    S.No

    File Name

    MD5SUM

    1

    eo_common_code

    8770fd5aab296b65e5a9942f14f8b649

    2

    eo_executer

    f64fc6385605dd126b0db798835342bd

    3

    EO-AIX71_findFiles_conf

    f5fe5731092d32c5637779f70884e8d1

    4

    EO-Findfiles

    7767e62f24f9a77ece99e75f9ed5991a

    5

    EO-Parameter_allowed_entries

    cd9098d785b66d272ea9fffe5ec2ce1c

    6EO-Parameter_denied_entries112504a4d8b576ea0f8dbe5c0d62cb8e
    7EO-Parameter_functionsed23f3484f3434c63bc4cc88a10db0a2
    8findFilesa8f8cd85f51909469c7ababe54476278
    9lib_filehandling02b20b456161c97e947c4a1007a8c8bd
    10lib_user6a18e4a6e6715a5553c7c86970276c4f
    11lib_utils6e4d93dbd395e312804a154a6035f12d
  2. Move the HIPAA - AIX 7.1.zip package to your RCP client server.
  3. Extract the contents from the extended_objects.zip package and move them to a temporary location on all Application Servers.

Step 2: Replacing the extended object scripts on all Application Servers

Ensure that you perform the following steps on all the Application Servers in your environment:

  1. Navigate to the extended objects script files on your Application Server:

<Application_Server_installation_directory >/share/sensors/

Step 3: Importing the Compliance Content

  1. Log on to the Console.
  2. Right-click Component Templates and select Import

    The Import Wizard starts.
  3. Select the Import (Version-neutral) option.
  4. Select the updated HIPAA - AIX 7.1 zip package and click Next.
  5. The HIPPA templates for AIX 7.1 are available in the HIPPA - AIX 7.1 zip package. To import the templates, select the templates.

    Note

    Ensure that you select the Update objects according to the imported package and Preserve template group path options before you click Next.

  6. Navigate to the last screen of the wizard and then click Finish.

    The templates are imported successfully.

Rules within the templates

The following are the details of the 140 rules provided in the HIPPA - AIX 7.1 zip package. It contains the following types of rules:

  • 138 Rules that check for compliance and provides remediation

  • 2 Rules that check for compliance but do not provide remediation

The following tables list the rules along with comments.

Rules with compliance checks but no remediationComments
164.308(a)(4)(ii)(B) Access Authorization: Configuring SSH - removal of .shosts filesRemediation is not provided. Removal of files must be done manually by System Administrator. 
164.308(a)(5)(ii)(B) Protection from Malicious Software: Configuring SSH - installationRemediation is not provided. Package must be installed manually.
Rules with compliance checks and with remediationComments
164.308(a)(4)(ii)(B) Access Authorization: Configuring SSH - limit access via SSHFor this rule to provide proper compliance results , ensure that you must set the values separated by spaces for the following local properties: SSH_ALLOW_GROUPS, SSH_ALLOW_USERS, SSH_DENY_GROUPS, and SSH_DENY_USERS

Rule in which property is used

Local property name

Default value

164.308(a)(4)(ii)(B) Access Authorization: Configuring SSH - banner configuration-2 and 164.308(a)(5)(ii)(A) Security Reminders: Miscellaneous Enhancements - login herald

BANNER_LONG_PART1

Unauthorized use of this system is prohibited.

164.308(a)(4)(ii)(B) Access Authorization: Configuring SSH - set Idle Timeout Interval for User Login-2

CLIENT_ALIVE_COUNT_MAX

300

164.308(a)(4)(ii)(B) Access Authorization: Configuring SSH - set Idle Timeout Interval for User Login-1

CLIENT_ALIVE_INTERVAL

0

164.308(a)(5)(ii)(A) Security Reminders: /etc/mail/sendmail.cf - permissions and ownership

SENDMAIL-CONF-FILE

/etc/mail/sendmail.cf

164.308(a)(5)(ii)(A) Security Reminders: /etc/mail/sendmail.cf - SmtpGreetingMessage

SMTP_GREETING_LIST

mailerready

164.308(a)(4)(ii)(B) Access Authorization: Configuring SSH - limit access via SSHSSH_ALLOW_GROUPS, SSH_ALLOW_USERS, SSH_DENY_GROUPS, and SSH_DENY_USERSEmpty/Blank
Was this page helpful? Yes No Submitting... Thank you

Comments