HIPAA: AIX 7.1


This topic describes the hotfix that delivers the Health Insurance Portability and Accountability Act (HIPAA) intermediate templates for AIX 7.1. The hotfix implements 140 rules and can be installed on TrueSight Server Automation 8.9.00 or 8.9.01.

Note

If you are using TrueSight Server Automation 8.9.03, you do not need to install this fix separately; it is installed as part of the TrueSight Server Automation 8.9.03 installation.

These templates cover Part 164 of the HIPAA regulations (45 CFR Part 164), which sets out the security requirements for electronic protected health information (ePHI). They help organizations covered by HIPAA check commonly implemented controls from the Security Rule's Administrative and Technical Safeguards (sections 164.308 and 164.312); only the controls from those sections that apply to the operating system are implemented. Select the rules you need from this policy and parameterize the values of the compliance and remediation checks according to your organization's policy and the applicability of each HIPAA control.

Note

Implementing this policy does not make an entity HIPAA compliant. Treat this policy as a reference guide and resource tool only.

Before you begin

Before you install this hotfix:

  • Ensure that all compliance content provided by BMC in your environment is updated to at least version 8.9.
  • Back up the sensors folder on every Application Server in your environment. The sensors folder contains the extended object scripts that Step 2 replaces and is located at the following path on each Application Server:
    <Application_Server_installation_directory>/share/sensors

Step 1: Downloading and installing the files

  1. Download the HIPAA - AIX 7.1.zip and extended_objects.zip packages from the FTP location for this hotfix (you must log in to access it).

    Verify the downloaded packages against the following md5sums before you use them:

    S.No  File Name             MD5SUM
    1     HIPAA - AIX 7.1.zip   a201b0195757723f66e502ca6807cc5f
    2     extended_objects.zip  a8d71af7a7cef8ca43bf1525fbd9d8f5

    Then compare the extended objects already present on each Application Server with the ones shipped in extended_objects.zip. If the md5sums match, replace the installed copies. If they do not match, the installed copies differ from the shipped ones (for example, because of local changes); do not overwrite them, merge the fixes manually.

    Extended objects shipped with this template (part of extended_objects.zip):

    S.No  File Name                     MD5SUM
    1     eo_common_code                8770fd5aab296b65e5a9942f14f8b649
    2     eo_executer                   f64fc6385605dd126b0db798835342bd
    3     EO-AIX71_findFiles_conf       f5fe5731092d32c5637779f70884e8d1
    4     EO-Findfiles                  7767e62f24f9a77ece99e75f9ed5991a
    5     EO-Parameter_allowed_entries  cd9098d785b66d272ea9fffe5ec2ce1c
    6     EO-Parameter_denied_entries   112504a4d8b576ea0f8dbe5c0d62cb8e
    7     EO-Parameter_functions        ed23f3484f3434c63bc4cc88a10db0a2
    8     findFiles                     a8f8cd85f51909469c7ababe54476278
    9     lib_filehandling              02b20b456161c97e947c4a1007a8c8bd
    10    lib_user                      6a18e4a6e6715a5553c7c86970276c4f
    11    lib_utils                     6e4d93dbd395e312804a154a6035f12d

  2. Copy the HIPAA - AIX 7.1.zip package to the computer on which you run the RCP client (Console).
  3. Extract the contents of the extended_objects.zip package and copy them to a temporary location on every Application Server.

Step 2: Replacing the extended object scripts on all Application Servers

Perform the following steps on every Application Server in your environment:

  1. Navigate to the extended object script files on the Application Server:

<Application_Server_installation_directory>/share/sensors/

  2. Replace them with the copies you extracted from extended_objects.zip in Step 1, following the md5sum guidance there: replace files whose md5sums match the shipped ones and merge the fixes manually into files whose md5sums do not match.
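The following script is an added example written for this page, not BMC tooling: it verifies the downloaded packages against the md5sums published above and then classifies each shipped extended object against the copy installed under share/sensors, so that the replace-or-merge decision from Step 1 is made per file rather than by eye. It assumes md5sum (GNU coreutils) or, failing that, openssl is on PATH; SHIPPED_DIR is where extended_objects.zip was extracted and SENSORS_DIR is <Application_Server_installation_directory>/share/sensors.

```shell
#!/bin/sh
# Added example (not BMC's own tooling): verify the hotfix downloads and decide
# per extended object whether the shipped copy can replace the installed one.
# Assumes md5sum or openssl on PATH; on AIX, csum -h MD5 is an alternative.

# md5_of FILE: print the hex MD5 of FILE.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        openssl dgst -md5 "$1" | sed 's/.*= //'
    fi
}

# verify_download FILE EXPECTED_MD5: return 0 if FILE hashes to EXPECTED_MD5.
verify_download() {
    actual=$(md5_of "$1")
    if [ "$actual" = "$2" ]; then
        echo "ok        $1"
        return 0
    fi
    echo "MISMATCH  $1 (expected $2, got $actual)"
    return 1
}

# verify_packages DIR: check both downloads against the md5sums published
# on this page. Fails closed on the first mismatch.
verify_packages() {
    verify_download "$1/HIPAA - AIX 7.1.zip" a201b0195757723f66e502ca6807cc5f &&
    verify_download "$1/extended_objects.zip" a8d71af7a7cef8ca43bf1525fbd9d8f5
}

# classify_eo SHIPPED_DIR SENSORS_DIR NAME prints one word:
#   identical - installed copy hashes like the shipped one; replacing is harmless
#   differs   - installed copy has other content; merge by hand, do not overwrite
#   missing   - nothing installed under that name; the shipped copy can be added
classify_eo() {
    shipped="$1/$3"
    installed="$2/$3"
    if [ ! -f "$installed" ]; then
        echo missing
    elif [ "$(md5_of "$shipped")" = "$(md5_of "$installed")" ]; then
        echo identical
    else
        echo differs
    fi
}

# report SHIPPED_DIR SENSORS_DIR: one classification line per shipped object.
report() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        printf '%-10s %s\n' "$(classify_eo "$1" "$2" "$name")" "$name"
    done
}

# Stand-alone use: sh eo_check.sh SHIPPED_DIR SENSORS_DIR
if [ "$#" -eq 2 ]; then
    report "$1" "$2"
fi
```

Run it once per Application Server before touching share/sensors; anything reported as "differs" is a file that carries content not in the hotfix and needs a manual merge, and a MISMATCH from verify_packages means the download itself should not be used.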

Step 3: Importing the Compliance Content

  1. Log on to the Console.
  2. Right-click Component Templates and select Import.
    The Import Wizard starts.
  3. Select the Import (Version-neutral) option.
  4. Select the updated HIPAA - AIX 7.1 zip package and click Next.
  5. Select the HIPAA templates for AIX 7.1 contained in the package to import them.

    Note

    Ensure that you select the Update objects according to the imported package and Preserve template group path options before you click Next.

  6. Navigate to the last screen of the wizard and click Finish.
    The templates are imported.

Rules within the templates

The HIPAA - AIX 7.1 zip package provides 140 rules of the following types:

  • 138 rules that check for compliance and provide remediation
  • 2 rules that check for compliance but do not provide remediation

The following tables list the rules along with comments.

Rules with compliance checks but no remediation

Rule: 164.308(a)(4)(ii)(B) Access Authorization: Configuring SSH - removal of .shosts files
Comment: Remediation is not provided. The files must be removed manually by the system administrator.

Rule: 164.308(a)(5)(ii)(B) Protection from Malicious Software: Configuring SSH - installation
Comment: Remediation is not provided. The package must be installed manually.

Rules with compliance checks and with remediation

Rule: 164.308(a)(4)(ii)(B) Access Authorization: Configuring SSH - limit access via SSH
Comment: For this rule to produce correct compliance results, set the following local properties as space-separated lists of names: SSH_ALLOW_GROUPS, SSH_ALLOW_USERS, SSH_DENY_GROUPS, and SSH_DENY_USERS.

Local properties and their default values

Local property name: BANNER_LONG_PART1
Default value: Unauthorized use of this system is prohibited.
Rule in which property is used: 164.308(a)(4)(ii)(B) Access Authorization: Configuring SSH - banner configuration-2 and 164.308(a)(5)(ii)(A) Security Reminders: Miscellaneous Enhancements - login herald

Local property name: CLIENT_ALIVE_COUNT_MAX
Default value: 300
Rule in which property is used: 164.308(a)(4)(ii)(B) Access Authorization: Configuring SSH - set Idle Timeout Interval for User Login-2

Local property name: CLIENT_ALIVE_INTERVAL
Default value: 0
Rule in which property is used: 164.308(a)(4)(ii)(B) Access Authorization: Configuring SSH - set Idle Timeout Interval for User Login-1

Local property name: SENDMAIL-CONF-FILE
Default value: /etc/mail/sendmail.cf
Rule in which property is used: 164.308(a)(5)(ii)(A) Security Reminders: /etc/mail/sendmail.cf - permissions and ownership

Local property name: SMTP_GREETING_LIST
Default value: mailerready
Rule in which property is used: 164.308(a)(5)(ii)(A) Security Reminders: /etc/mail/sendmail.cf - SmtpGreetingMessage

Local property name: SSH_ALLOW_GROUPS, SSH_ALLOW_USERS, SSH_DENY_GROUPS, and SSH_DENY_USERS
Default value: Empty/Blank
Rule in which property is used: 164.308(a)(4)(ii)(B) Access Authorization: Configuring SSH - limit access via SSH

Note

With the shipped defaults the idle-timeout rules do not bound session lifetime: in OpenSSH, a ClientAliveInterval of 0 disables client-alive probing, so ClientAliveCountMax never takes effect and idle sessions are never disconnected. Set CLIENT_ALIVE_INTERVAL to a non-zero number of seconds and CLIENT_ALIVE_COUNT_MAX to the number of unanswered probes to tolerate; the effective idle limit is their product. Likewise, the SSH_ALLOW_* and SSH_DENY_* properties are blank by default and must be populated before the limit access via SSH rule gives meaningful results.
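To make concrete what the idle-timeout and limit-access rules check, here is an added example written for this page; it is not the template's own compliance logic, which is not shown here. It reads an sshd_config the way sshd does (first occurrence of a keyword wins, comments ignored), computes the effective idle limit from ClientAliveInterval and ClientAliveCountMax, and compares AllowUsers, AllowGroups, DenyUsers and DenyGroups against space-separated lists supplied through environment variables named after the page's local properties (SSH_ALLOW_USERS and so on). The sample configuration in the test is constructed; the "Keyword=value" spelling that sshd also accepts is an assumption left out here.

```shell
#!/bin/sh
# Added example (not the template's own rule logic): evaluate the SSH
# idle-timeout and access-list settings of an sshd_config the way the
# HIPAA rules above are parameterized. Assumes OpenSSH keyword semantics.

# sshd_value CONFIG KEYWORD: print the first effective value of KEYWORD
# (sshd uses the first occurrence; match is case-insensitive), or nothing.
sshd_value() {
    awk -v kw="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*(#|$)/ { next }
        tolower($1) == kw { $1 = ""; sub(/^[[:space:]]+/, ""); print; exit }
    ' "$1"
}

# check_idle_timeout CONFIG MAX_SECONDS: pass if sshd drops an idle session
# within MAX_SECONDS. OpenSSH defaults: ClientAliveInterval 0 (probing off,
# so no idle disconnect at all), ClientAliveCountMax 3. Limit = interval*count.
check_idle_timeout() {
    interval=$(sshd_value "$1" ClientAliveInterval)
    count=$(sshd_value "$1" ClientAliveCountMax)
    interval=${interval:-0}
    count=${count:-3}
    if [ "$interval" -eq 0 ]; then
        echo "fail: ClientAliveInterval is 0, so sshd never drops idle sessions"
        return 1
    fi
    limit=$((interval * count))
    if [ "$limit" -le "$2" ]; then
        echo "pass: idle limit ${limit}s"
    else
        echo "fail: idle limit ${limit}s exceeds ${2}s"
        return 1
    fi
}

# norm_list "a b c": sorted, de-duplicated, space-joined form of a name list,
# so that ordering differences do not produce false findings.
norm_list() {
    printf '%s\n' $1 | sort -u | tr '\n' ' '
}

# check_access_list CONFIG KEYWORD EXPECTED: pass when the configured names
# for KEYWORD equal the space-separated EXPECTED list as a set. A blank
# EXPECTED therefore passes only when the keyword is absent, so an unset
# property cannot silently accept an arbitrary AllowUsers line.
check_access_list() {
    actual=$(norm_list "$(sshd_value "$1" "$2")")
    expected=$(norm_list "$3")
    if [ "$actual" = "$expected" ]; then
        echo "pass: $2 matches"
    else
        echo "fail: $2 is '${actual% }', expected '${expected% }'"
        return 1
    fi
}

# Stand-alone use: SSH_ALLOW_USERS="alice bob" sh ssh_check.sh /etc/ssh/sshd_config 900
if [ "$#" -ge 1 ]; then
    conf=$1
    check_idle_timeout "$conf" "${2:-900}"
    check_access_list "$conf" AllowUsers  "${SSH_ALLOW_USERS:-}"
    check_access_list "$conf" AllowGroups "${SSH_ALLOW_GROUPS:-}"
    check_access_list "$conf" DenyUsers   "${SSH_DENY_USERS:-}"
    check_access_list "$conf" DenyGroups  "${SSH_DENY_GROUPS:-}"
fi
```

The first-occurrence rule matters in practice: a second ClientAliveInterval 0 appended at the end of the file is ignored by sshd, and a check that greps for the last match would report the opposite of what the daemon enforces.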

 
