Bug 1832760

Summary: (RFE) Add HIPAA profile into RHEL8 compliance content
Product: Red Hat Enterprise Linux 8 Reporter: Marek Haicman <mhaicman>
Component: scap-security-guideAssignee: Watson Yuuma Sato <wsato>
Status: CLOSED ERRATA QA Contact: Gabriel Gaspar Becker <ggasparb>
Severity: high Docs Contact: Mirek Jahoda <mjahoda>
Priority: high    
Version: 8.1CC: ggasparb, lmanasko, matyc, mhaicman, mjahoda, wsato
Target Milestone: rcKeywords: FutureFeature
Target Release: 8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: scap-security-guide-0.1.50-4.el8 Doc Type: Enhancement
Doc Text:
.`scap-security-guide` now provides a profile that implements HIPAA This update of the `scap-security-guide` packages adds the Health Insurance Portability and Accountability Act (HIPAA) profile to the RHEL 8 security compliance content. This profile implements recommendations outlined on the link:https://www.hhs.gov/hipaa/for-professionals/privacy/index.html[The HIPAA Privacy Rule] website. The HIPAA Security Rule establishes U.S. national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of electronically protected health information.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2020-11-04 02:30:10 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Marek Haicman 2020-05-07 09:05:17 UTC 
Description of problem:
Provide a profile to cover HIPAA (Health Insurance Portability and Accountability Act) policy required by Healthcare organizations in NA.

Version-Release number of selected component (if applicable):
scap-security-guide-0.1.48-7.el8

How reproducible:
reliably

Steps to Reproduce:
1. profile exists: oscap info --profiles /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml
2. installation with HIPAA hardening works
3.

Actual results:
profile does not exist

Expected results:
profile exists, and remediations hardens system to the "all green" state, i.e. state where rules not dependent on environments are passing

Additional info:
RHEL7 HIPAA should have similar content Bug 1513087
Comment 3 Marek Haicman 2020-05-13 15:16:52 UTC 
*** Bug 1832754 has been marked as a duplicate of this bug. ***
Comment 23 errata-xmlrpc 2020-11-04 02:30:10 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (scap-security-guide bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4626