Announcing new security controls and compliance certifications for Azure Databricks and AWS Databricks SQL Serverless

We're excited to share a new set of security controls and compliance certifications that can help with regulatory compliance on Azure Databricks and AWS Databricks SQL Serverless. Generally available today, Azure Databricks is now certified PCI-DSS (Classic) and HIPAA (Databricks SQL Serverless, Model Serving) compliant. Additionally, AWS Databricks SQL Serverless is certified HIPAA, PCI and FedRAMP Moderate compliant as a public preview. These capabilities are available through the Databricks Enhanced Security and Compliance Add-On.

Customers all over the world trust us with their most sensitive data. Databricks has implemented and continues adding controls to meet the unique compliance needs of our highly regulated customers. Amongst our most common requests are security controls allowing customers to process regulated and sensitive data within Databricks to comply with Payment Card Industry Data Security Standard (PCI-DSS), Health Insurance Portability and Accountability Act (HIPAA), and Federal Risk and Authorization Management Program (FedRAMP).

This blog will provide an overview of our new compliance certifications on Azure Databricks and AWS Databricks SQL Serverless and highlight the capabilities that are available to help you configure your environment with all of the necessary controls to support these new certifications with the Databricks Enhanced Security and Compliance Add-On.

Azure Databricks is now PCI-DSS (Classic) and HIPAA (Databricks SQL Serverless, Model Serving) compliant

We are excited to announce that Azure Databricks is now compliant under PCI-DSS, and Azure Databricks SQL Serverless and Model Serving are compliant under HIPAA. Both of these certifications are now generally available. This complements the existing compliance certification controls already available on the Azure Databricks Classic compute plane.

To configure your Azure Databricks workspaces to process PCI data, you must enable the Compliance Security Profile, part of the Databricks Enhanced Security and Compliance Add-On, now generally available.

AWS Databricks SQL Serverless is now HIPAA, PCI and FedRAMP Moderate compliant

AWS Databricks SQL (DB SQL) Serverless provides the best performance with instant and elastic compute, lowers costs, and enables you to focus on delivering the most value to your business rather than managing infrastructure. We are thrilled to announce that AWS DB SQL Serverless is certified compliant under HIPAA, PCI-DSS, and FedRAMP Moderate. This complements the existing HIPAA, PCI-DSS, and FedRAMP Moderate compliance controls already available for the Databricks AWS Classic compute plane.

The Compliance Security Profile, part of the Enhanced Security and Compliance Add-On, now supports AWS SQL Serverless Warehouses. This support is in public preview and will be available initially on the AWS us-east-1 region. If you already have the Databricks Enhanced Security and Compliance Add-On and your workspace is already configured with the Compliance Security Profile, AWS DB SQL Serverless Warehouses will be available in those workspaces over the next few weeks.

Take advantage of the highest standard for Databricks security with the Enhanced Security and Compliance Add-On

At Databricks, we recognize that maintaining data security and compliance is a top priority for our customers. Some customers want additional security controls, especially security monitoring, and others require features like FIPS 140-2 encryption and cluster update enforcement for compliance. That is why Databricks introduced Enhanced Security and Compliance Add-On to help simplify the complexity of meeting security and regulatory requirements for our customers. Two offerings make up Enhanced Security and Compliance Add-On:

Enhanced Security Monitoring: Enhanced Security Monitoring provides customers with increased visibility, threat protection and security hardening for their workloads. Benefits of this offering include:

• Canonical Ubuntu Advantage VMs with enhanced CIS Level 1 hardening
• Behavior-based malware monitoring and file integrity monitoring
• Malware and antivirus detection
• Vulnerability reports of the host OS

With Enhanced Security Monitoring, security event logs from security monitoring agents are made available along with your regular Databricks audit logs, providing comprehensive security monitoring in your organization's SIEM or Databricks platform. These logs come with contextual information that assists analysts in quickly determining the origin of suspicious activity without requiring a lengthy investigation.

Compliance Security Profile: The Compliance Security Profile facilitates compliance governance for workspaces by providing a validated security baseline that combines the security capabilities of Enhanced Security Monitoring with additional security features to address the applicable controls of PCI-DSS and HIPAA. The Compliance Security Profile is our most secure baseline for the Databricks compute plane, helping customers to meet and manage their compliance control requirements much easier. Key benefits of this offering include:

• The Enhanced Security Monitoring security enhancements listed above
• FIPS 140-2 Level 1 validated encryption modules (AWS only)
• AWS Nitro VM enforcement for data at rest and in transit encryption (AWS only)
• Automatic Cluster Update allows you to configure a workspace with a monthly or twice-monthly schedule to restart compute resources automatically. This capability helps admins and users plan downtime for restarting compute resources to get the latest images and security updates.

You can activate Databricks Enhanced Security and Compliance as an add-on SKU for the enterprise (AWS) and premium (Azure) tiers.

Getting Started

Visit our pricing page for more information on how to activate the Databricks Enhanced Security and Compliance Add-On. Refer to our documentation for step-by-step instructions on enabling Enhanced Security Monitoring (AWS | Azure) or the Compliance Security Profile (AWS | Azure) to harden your Azure Databricks, AWS SQL Serverless, and AWS Classic compute plane workspaces.

Please visit our Security and Trust Center for more information about Databricks security features and compliance certifications.