diff --git a/.DS_Store b/.DS_Store
index 038597a..3a37a20 100644
Binary files a/.DS_Store and b/.DS_Store differ
diff --git a/.gitignore b/.gitignore
index 2f0d0a6..cfd7db4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@ hieradata/nodes/example-puppet-master.yaml
 site/.DS_Store
 site/profile/.DS_Store
 site/.DS_Store
+.DS_Store
diff --git a/site/profile/manifests/baseline_hipaa.pp b/site/profile/manifests/baseline_hipaa.pp
new file mode 100644
index 0000000..fae81b9
--- /dev/null
+++ b/site/profile/manifests/baseline_hipaa.pp
@@ -0,0 +1,6 @@
+#
+class profile::baseline_hipaa {
+
+ include ::profile::compliance::hipaa
+
+}
diff --git a/site/profile/manifests/compliance/cis.pp b/site/profile/manifests/compliance/cis.pp
new file mode 100644
index 0000000..f1041ee
--- /dev/null
+++ b/site/profile/manifests/compliance/cis.pp
@@ -0,0 +1,5 @@
+class profile::compliance::cis {
+
+ include ::demo_cis
+
+}
diff --git a/site/profile/manifests/compliance/hipaa.pp b/site/profile/manifests/compliance/hipaa.pp
new file mode 100644
index 0000000..58aed83
--- /dev/null
+++ b/site/profile/manifests/compliance/hipaa.pp
@@ -0,0 +1,11 @@
+class profile::compliance::hipaa {
+
+ case $::osfamily {
+ 'windows': {
+ include ::profile::compliance::hipaa::windows
+ }
+ default: {
+ include ::profile::compliance::hipaa::linux
+ }
+ }
+}
diff --git a/site/profile/manifests/compliance/hipaa/linux.pp b/site/profile/manifests/compliance/hipaa/linux.pp
new file mode 100644
index 0000000..3b0093c
--- /dev/null
+++ b/site/profile/manifests/compliance/hipaa/linux.pp
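Review bot: The `default:` branch of `case $::osfamily` in profile::compliance::hipaa routes every non-Windows platform into profile::compliance::hipaa::linux, which declares the `::ssh` and `::auditd` classes, so any other osfamily (BSD, Solaris, AIX) is silently treated as Linux rather than rejected. If the profile is only meant for Linux and Windows, an explicit match such as `'RedHat', 'Debian', 'Suse': { include ::profile::compliance::hipaa::linux }` followed by `default: { fail("profile::compliance::hipaa does not support osfamily ${::osfamily}") }` makes the supported set visible and turns an unsupported host into a catalog failure instead of a half-applied baseline. `$::osfamily` is also the legacy top-scope fact form; `$facts['os']['family']` is the structured equivalent on Puppet 4 and later.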
@@ -0,0 +1,36 @@
+class profile::compliance::hipaa::linux {
+
+ # HIPAA Administrative Simplification Regulation Text
+ # https://www.hhs.gov/sites/default/files/hipaa-simplification-201303.pdf?language=es
+
+ # 164.312 Technical safeguards
+ # (i) Unique user identification (Required)
+
+ # Ensure only known accounts are on the system, purge any unmanaged accounts otherwise.
+ resources {'user':
+ purge => true,
+ unless_system_user => true,
+ unless_uid => ['1010'],
+ }
+
+ # (iii) Automatic logoff (Addressable)
+ # Set time limit for active but idle ssh sessions: 10 minutes
+ # Set login grace time to 60
+ class{'::ssh':
+ permit_root_login => 'no',
+ sshd_client_alive_count_max => '10',
+ sshd_client_alive_interval => '60',
+ sshd_config_login_grace_time => '60',
+ }
+
+ # Add Auditd configuration
+ class{'::auditd':
+ main_rules => [
+ '-a always,exit -F path=/etc/passwd -F perm=wa -F key=accounts',
+ '-a always,exit -F path=/etc/gshadow -F perm=wa -F key=accounts',
+ ],
+ }
+
+
+
+}
diff --git a/site/profile/manifests/compliance/hipaa/windows.pp b/site/profile/manifests/compliance/hipaa/windows.pp
new file mode 100644
index 0000000..70a41f0
--- /dev/null
+++ b/site/profile/manifests/compliance/hipaa/windows.pp
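Review bot: The auditd `main_rules` in profile::compliance::hipaa::linux watch /etc/passwd and /etc/gshadow under `key=accounts` but not /etc/shadow or /etc/group, so password-hash and primary-group changes go unaudited while the group-shadow file is covered; the usual account-watch set adds `'-a always,exit -F path=/etc/shadow -F perm=wa -F key=accounts',` and `'-a always,exit -F path=/etc/group -F perm=wa -F key=accounts',` alongside the two existing rules. The `unless_uid => ['1010']` exemption on `resources {'user': purge => true}` is undocumented, and a purge exception for one specific account is exactly what an auditor will ask about, so a comment naming the account and why it is unmanaged belongs directly above it, e.g. `# UID 1010: <account> — managed outside Puppet, see <ticket>`. The `sshd_client_alive_*` values do match the 10-minute figure in the comment (10 × 60 s), and the three blank lines before the closing brace can be dropped.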
@@ -0,0 +1,51 @@
+class profile::compliance::hipaa::windows {
+
+ # HIPAA Administrative Simplification Regulation Text
+ # https://www.hhs.gov/sites/default/files/hipaa-simplification-201303.pdf?language=es
+
+ # 164.312 Technical safeguards
+ # (i) Unique user identification (Required)
+
+ # Ensure only known accounts are on the system, purge any unmanaged accounts otherwise.
+ user { 'Local Admin 1':
+ ensure => present,
+ groups => ['Administrators'],
+ }
+
+ user { 'Local Admin 2':
+ ensure => present,
+ groups => ['Administrators'],
+ }
+
+ #Purge any unmanaged users.
+ purge { 'user':
+ unless => [
+ [ 'name', '==', 'Administrator' ],
+ [ 'name', '==', 'Guest' ],
+ [ 'name', '==', 'Local Admin 1' ],
+ [ 'name', '==', 'Local Admin 2' ],
+ ]
+ }
+
+ # (iii) Automatic logoff (Addressable)
+ # NOTE: Local Group Policy Editor tool does not show these settings as 'Enabled' but they do work.
+
+ # Set time limit for active but idle Remote Desktop Services sessions: 10 minutes
+ registry_value { 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxIdleTime':
+ type => dword,
+ data => '0x000927c0',
+ notify => Reboot['after_run'],
+ }
+
+ # Set time limit for disconnected sessions: 5 minutes
+ registry_value { 'HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxDisconnectionTime':
+ type => dword,
+ data => '0x000493e0',
+ notify => Reboot['after_run'],
+ }
+
+ # Reboot is required for registry keys above if they are remediated/altered.
+ reboot { 'after_run':
+ apply => finished,
+ }
+}
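Review bot: The `purge { 'user': unless => [...] }` list in profile::compliance::hipaa::windows repeats the account names declared by the two `user` resources above it, so an administrator account added in one place but not the other is deleted on the next agent run; deriving both from a single array removes that failure mode. The two admin `user` resources also carry no `password` attribute, so the credential state of accounts placed in Administrators is left unmanaged — if that is deliberate, a comment saying where those credentials are managed would help the next reader. The `data` values do match their comments (`0x000927c0` is 600000 ms, `0x000493e0` is 300000 ms), but the `Reboot['after_run']` notification fires on any remediation of either key, which is worth stating in the header comment since it can reboot a production host. The rewrite below assumes a Puppet 4+ parser for the iteration functions.
```puppet
# Accounts that may exist locally; everything not listed here is purged below.
$local_admins = ['Local Admin 1', 'Local Admin 2']

$local_admins.each |String $admin| {
  user { $admin:
    ensure => present,
    groups => ['Administrators'],
  }
}

# Purge any unmanaged users.
purge { 'user':
  unless => (['Administrator', 'Guest'] + $local_admins).map |String $name| { ['name', '==', $name] },
}

# … unchanged: registry_value and reboot resources …
```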