15. IDS Policy

In order to preserve the integrity of data that NutriAdmin stores, processes, or transmits for Customers, NutriAdmin implements strong intrusion detection tools and policies to proactively track and retroactively investigate unauthorized access. NutriAdmin currently utilizes OSSEC to track file system integrity, monitor log data, and detect rootkit access where appropriate.

On the other hand, the majority of systems that NutriAdmin uses are managed by Microsoft Azure (e.g. Web Apps and CosmosDB) and Microsoft provides audit and IDS tools. All of the web infrastructure that NutriAdmin uses is behind an application gateway.

15.1 Applicable Standards from the HIPAA Security Rule

  • 164.312(b) - Audit Controls

15.2 Intrusion Detection Policy

  1. OSSEC is used to monitor and correlate log data from different systems on an ongoing basis. Reports generated by OSSEC are reviewed by the Security Officer or authorized delegate periodically.
  2. OSSEC generates alerts to analyze and investigate suspicious activity or suspected violations.
  3. OSSEC monitors file system integrity and sends real-time alerts when suspicious changes are made to the file system.
  4. Automatic monitoring is done to identify patterns that might signify the lack of availability of certain services and systems (DoS attacks).
  5. NutriAdmin firewalls monitor all incoming traffic to detect potential denial of service attacks. Suspected attack sources are blocked automatically. Additionally, our hosting provider actively monitors its network to detect denial of service attacks.
  6. All new firewall rules and configuration changes are tested before being pushed into production. All firewall and router rules are reviewed yearly and tracked in the Compliance Review Activity (CRA) Spreadsheet with ID #CRA-19.
  7. Automatic alerts have been configured for critical systems, like the web application, so that NutriAdmin management is notified if an intrusion or unusual activity has been detected in a critical system. These alerts are re-evaluated and tested periodically and as needed.
  8. The above procedure is monitored on a yearly basis using the Compliance Review Activity (CRA) Spreadsheet to assess compliance with the above policy. This monitoring activity is recorded using ID #CRA-20.