Active Directory Group Policy – HIPPA Auditing

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.

Organizations within the scope of this realm are to setup certain security postures that would enhance information security. Below is a sample set of recommended rules that should be applied toward Windows Active Directory.

Scope:
  - Applies to Domain Controllers and HIPPA Zones
  - Security filtering: NT AUTHORITY\Authenticated Users
Policies:
  - Windows Settings > Security Settings > Local Policies/Audit Policy:
    - Audit account logon events
    - Audit account management
    - Audit directory service access
    - Audit logon events
    - Audit object access
    - Audit policy Change
    - Audit privilege use 
    - Audit process tracking
    - Audit system events
  - Windows Settings > Security Settings > Local Policies/User Rights Assignment
    - Allow log on through Terminal Services:
      - Domain Admins
      - BUILTIN\Administrators
      - Remote Desktop Users (removed)
Log Retention:
  - Retention period: 1-year

Leave a Reply

Your email address will not be published. Required fields are marked *