Databricks now provides HIPAA, PCI-DSS, and FedRAMP Moderate compliance controls on AWS (E2 architecture)

Databricks on AWS is trusted by customers in regulated industries to analyze and gain insights from their most sensitive data utilizing the data lakehouse paradigm. Our security program incorporates industry-leading best practices to fulfill our customers' security needs. Security measures that aided with Payment Card Industry Data Security Standard (PCI-DSS) and Health Insurance Portability and Accountability Act (HIPAA) compliance were previously only available through AWS' classic (also known as single-tenant) configuration. We're excited to share a new set of security controls (now generally available) that can help with PCI, HIPAA, and also FedRAMP Moderate* compliance for E2 architecture deployments. These new security controls include:

• Enhanced security monitoring which will install additional security agents to the cluster VMs to monitor for antivirus and malware, file integrity and other vulnerabilities.
• Use of only enhanced hardened Ubuntu operating system based images with CIS benchmark level 1 controls for your cluster virtual machines
• Use of AWS Nitro System to enforce encryption at rest and encryption in transit between the cluster nodes
• Limiting the Databricks Runtime versions for the cluster to versions that have compliance controls
  Use of TLS 1.2 encryption or higher for encrypting data in transit

Visit the PCI-DSS on AWS, HIPAA and FedRAMP Moderate page to learn more about the new security controls. Visit the Databricks AWS pricing page to learn about the pricing and please fill out this sign up form to request access.

*Databricks is actively working towards delivering a FedRAMP Authorized CSO SaaS (Cloud Service Offering of Software-as-a-Service) at Moderate Impact Level in the AWS US-East and US-West (commercial) regions. See the latest status here.