docs(cascades): track Teams HIPAA rollout as new gap
Added Teams deployment + HIPAA-appropriate configuration as a tracked gap (hipaa.md #27) and M365 issue (m365.md #14). Cites transmission security + BAA requirements and outlines controls needed (retention, DLP, external sharing lockdown, guest access, meeting consent). Dependency on Microsoft BAA flagged. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -84,6 +84,7 @@ Nurses/MedTechs (staff PCs)
|
||||
| 24 | **RestrictAnonymous = 0** on CS-SERVER | Medium | §164.312(a)(1) — Access Control | Null sessions allowed |
|
||||
| 25 | **Protected Users group empty** | Medium | §164.312(a)(1) — Access Control | Admin accounts not protected |
|
||||
| 26 | **Share permissions: Everyone=FullControl** on multiple shares | Medium | §164.312(a)(1) — Access Control | Culinary, directoryshare, Roaming |
|
||||
| 27 | **Microsoft Teams not deployed or HIPAA-configured** for staff | Medium | §164.312(e)(1) — Transmission Security + §164.308(b)(1) — Business Associates | Roll out Teams to all staff with HIPAA-appropriate controls: retention policies for chat/channel/meeting recordings, external sharing restrictions, DLP for PHI in messages, meeting recording consent, guest access disabled by default. Depends on Microsoft BAA (#13). |
|
||||
|
||||
## Quick Wins (Free, Can Do Now)
|
||||
|
||||
|
||||
Reference in New Issue
Block a user