Cloud Security Solutions for HIPAA Compliance

Simplify HIPAA Compliance

Armor Cloud Security Solutions – Audit-ready Compliance in Under 2 Minutes

Simplify your life: Overcome your Health Insurance Portability and Accountability Act of 1996 (HIPAA) compliance challenges by securing your critical ePHI and PHI data workloads with Armor. Our Health Information Trust Alliance Common Security Framework (HITRUST CSF) certified security solutions provide inherited compliance controls to cloud-ready organizations.

This means easier audits and, most important, security for the data that needs it most.

Get Cloud Formation Template

It wasn’t just about achieving HITRUST CSF® certification, though that was the original intention, says McKinney. Now it’s about moving beyond certification and becoming a security thought leader in the healthcare industry.

Brenton McKinneyVP of Security

Medecision

Read Case Study

Armor Helps Clients Become HIPAA Compliant

HITRUST CSF-Certified Solutions
Armor is certified by the Health Information Trust Alliance Common Security Framework (HITRUST CSF); A framework designed to simplify HIPAA compliance requirements by providing prescriptive compliance guidelines.

Inherited Compliance Controls
Our managed security solutions were built to address the risk-based nature of HIPAA compliance and pass their compliant status to customer data.

HIPAA Compliance Support
Our security team provides 24/7/365 customized, hands-on support to help you overcome any compliance challenge.

Security-Driven Compliance
True cloud security is more than just a checklist; it’s about letting compliance be an outcome of a security program, not its goal. Our approach to security does just that: proactive cybersecurity powered by the experts in our 24/7/365 security operations center (SOC).

Download Armor Complete Data sheet

What is HITRUST CSF?

Since HIPAA is more risk-based as opposed to a prescriptive set of security controls the Health Information Trust Alliance collaborated with health care and information security leaders to develop the HITRUST Common Security Framework (CSF).

The HITRUST CSF provides an actionable and scalable framework around HIPAA guidelines that organizations can follow to when managing compliance for their ePHI and PHI data.

Armor solutions are certified against HITRUST CSF and pass that status on the data workloads and applications they protect.

Download White Paper

Inherited HITRUST CSF Controls

Armor customers benefit from inherited HITRUST CSF controls just by securing their data workloads and applications with our HITRUST CSF-certified solutions. This means streamlined audits and cost savings for organizations without robust cloud security programs.

Click on the tabs below to see key HITRUST CSF controls addressed by our solutions:

Armor Security Services	HIPAA/HITECH Controls	HITRUST CSF v8 Controls Required for Certification	Risk Mitigation
Intrusion Detection	Security best practice – implied control under 164.306(A)	09.m	Malicious allowed traffic
Internal Network Vulnerability Scanning	Included in §164.308(a)(1)	10.m	Exploits due to missing patches/updates; improper network firewall configuration
File Integrity Monitoring	§164.312(e)	09.ab, 10.h	Monitoring unauthorized changes to critical files
OS Patching/Updating	Security best practice implied control under 164.306(A)	10.m	OS weaknesses Malware Protection
Malware Protection	§164.308(a)(5)(ii)(B)	09.ab(HT4), 10.h	Compromise due to virus/malware infection
Log Management	§164.308(a)(1)(ii)(D), §164.308(a)(5)(ii)(C), §164.312(b)	09.aa, 09.ab, 09.ac	Detection of malicious activity

*Please note that the above table does not represent all HITRUST controls nor those covered by Armor. View the full compliance matrix for additional information.

View the entire Armor Anywhere HITRUST Compliance Matrix.

Armor Security Services	HIPAA/HITECH Controls	HITRUST CSF v8 Controls Required for Certification	Risk Mitigation
IP Reputation Filtering	§164.308(a)(1)(ii)(A)	09.m	Activity from known bad sources
DDoS Mitigation	Security best practice implied control under 164.306(A)	09.m, 09.h (included in Level 2 implementation)	Loss of availability due to high volume of malicious activity
Web Application Firewall	Security best practice – implied control under 164.306(A)	09.m	Application layer flaws and exploits
Intrusion Detection	Security best practice implied control under 164.306(A)	09.m	Malicious allowed traffic
Network Firewall (Hypervisor-Based)	Security best practice implied control under 164.306(A)	01.m, 01.o, 01.w, 09.m	Unwanted network connectivity
Secure Remote Access (Two-factor authentication)	§164.312(d), §164.312(a)(2)(iii)	01.j, 05.i, 09.s	Unauthorized remote use of administrative access
Secure Remote Administrative Access	§164.312(d)	01.j, 05.i, 09.m, 09.s	Disclosure of administrative credentials
OS Patching/Updating	Security best practice implied control under 164.306(A)	10.m	OS weaknesses Malware Protection
Malware Protection	§164.308(a)(5)(ii)(B)	09.ab, 10.h	Compromise due to virus/malware infection
Log Management	§164.308(a)(1)(ii)(D), §164.308(a)(5)(ii)(C), §164.312(b)	09.aa, 09.ab, 09.ac	Detection of malicious activity
Physical Security	§164.310(a)(2)(i), §164.310(a)(2)(ii), §164.310(a)(2)(iii), §164.310(a)(2)(iv)	08.b, 08.d, 08.j, 09.ab, 09.q	Physical theft or compromise of data

*Please note that the above table does not represent all HITRUST controls nor those covered by Armor. View the full compliance matrix for additional information.

View the entire Armor Complete HITRUST Compliance Matrix.

Armor Compliance Expertise: HIPAA

Armor is HITRUST CSF certified. We are HIPAA compliance experts. In fact, HITRUST chose us to secure their MyCSF application. Why wouldn’t you choose the security provider trusted by HITRUST itself? Seems like a no-brainer—plus, you’re compliant the day you entrust your security needs with Armor.

Leverage that HIPAA compliance expertise to overcome any compliance challenge. We provide 24/7/365 hands-on support for your internal teams tasked with managing HIPAA-regulated data and compliance. Relying on our proven security talent is the most direct way to increase your cloud security proficiency without adding to headcount or purchasing and integrating DIY tools.

Our talent and best-of-breed security technologies culminate in a heightened level of cloud security and compliance that only Armor can deliver.

Our CISO is Your CISO: Extend your cloud security roster with proven security talent. We streamline audits and assessments with hands-on expertise and guidance through any HIPAA and HITRUST CSF cloud compliance challenge.
Certifiable Cyber Security Badasses: The individuals in our security operations center (SecOps) have a combined 60 cyber security certifications.
Proven Cloud Security Results: Our SOC managed more than 4,800 security incidents and analyzed more than 771 billion logs in 2016.

Extend your Security Team

Ready for Pricing?

Answer a few questions to get a product recommendation from Armor and pricing estimate in minutes.

Get My Estimate

Our Platform

Why Armor

Keeping Them Out of Your Vault: Network Segmentation in the Cloud

Industry

User

Cloud Type

Compliance

Farewell to Audit Season; Hello Continuous Compliance

Products

Core Capability

Additional Capabilities

Cloud Security: The Honeypot Project

Resources

Knowledge Center

Self Service Tools

Response Kits

Q and A

Armor Cloud Formation Template

About Us

Coverage

Legal

About

Simplify HIPAA Cloud Compliance