FedRAMP High
This page describes FedRAMP High compliance controls in Databricks.
FedRAMP High overview
FedRAMP High is a U.S. federal program that standardizes security assessment, authorization, and continuous monitoring for cloud products and services at the high impact level. It applies to cloud systems where a security breach could have severe or catastrophic effects on federal operations, assets, or individuals.
What FedRAMP High covers
- Applies to cloud services handling sensitive federal data at the high impact level.
- Requires compliance with NIST SP 800-53 high baseline controls.
- Requires strict access controls, including encryption in transit and at rest.
Enable FedRAMP High compliance controls
The FedRAMP High authorization status of Databricks on AWS GovCloud is Authorized. Customers are responsible for implementing and operating applicable FedRAMP High compliance controls as documented in the Control Implementation Summary / Customer Responsibility Matrix in SSP Appendix J of the Databricks FedRAMP authorization documentation package. US Government agencies can obtain access to the Databricks FedRAMP High authorization documentation through the FedRAMP package access request form. Follow the instructions on the Databricks FedRAMP Marketplace listing (package ID: FR2324740262).
FedRAMP High compliance controls are available on Databricks on AWS GovCloud. The compliance security profile is enabled by default on all AWS GovCloud workspaces, which adds monitoring agents, provides a hardened compute image, and enforces Nitro instance types for inter-node encryption. Automatic cluster update and enhanced security monitoring are also enabled. For setup requirements, see Databricks on AWS GovCloud.
You are solely responsible for verifying that sensitive information is never entered in customer-defined input fields, such as workspace names, compute resource names, tags, job names, job run names, network names, credential names, storage account names, and Git repository IDs or URLs. These fields might be stored, processed, or accessed outside the compliance boundary.
Regional support for features
This table shows feature availability for the selected compliance standard across all supported Databricks regions. Some features may be listed as available before they are actually released.
Feature |
|
|---|---|
AI Functions - Classification | |
AI Functions - Document Parsing | |
AI Functions - Information Extraction | |
AI Functions - Prep Search | |
Anomaly Detection | |
Classic Compute | ✓ |
Clean Rooms | |
Data Classification | |
Databricks Apps | ✓ |
Default Storage | |
Genie | ✓ |
Genie Agent Mode | |
Genie Code | ✓ |
Genie Code Agent Mode | ✓ |
Genie Code Dashboard Agent | ✓ |
Genie Spaces | ✓ |
Knowledge Assistant | |
Lakebase Autoscaling | |
Lakeflow Connect - Confluence | ✓ |
Lakeflow Connect - Dynamics 365 | |
Lakeflow Connect - GA4 | |
Lakeflow Connect - Google Ads | ✓ |
Lakeflow Connect - HubSpot | ✓ |
Lakeflow Connect - Meta Ads | ✓ |
Lakeflow Connect - MySQL | ✓ |
Lakeflow Connect - NetSuite | |
Lakeflow Connect - PostgreSQL | ✓ |
Lakeflow Connect - SFTP | |
Lakeflow Connect - Salesforce | |
Lakeflow Connect - ServiceNow | |
Lakeflow Connect - SharePoint | |
Lakeflow Connect - TikTok Ads | ✓ |
Lakeflow Connect - Workday HCM | |
Lakeflow Connect - Workday Reports (RaaS) | |
Lakeflow Connect - Zendesk Support | ✓ |
Lakeflow Connect - Zerobus Ingest | ✓ |
Lakeflow Jobs | ✓ |
Lakeflow Pipelines Editor | ✓ |
Lakehouse Monitoring | ✓ |
MLflow on Databricks | ✓ |
Managed MCP Servers | ✓ |
Model Serving - AI Gateway | ✓ |
Model Serving - AI Guardrail | |
Model Serving - AI Playground | |
Model Serving - Custom Models | ✓ |
Model Serving - External Models | ✓ |
Model Serving - Foundation Models AI Function (ai_query) | |
Model Serving - Foundation Models Pay-Per-Token | ✓ |
Predictive Optimization | ✓ |
Serverless Jobs/Workflows/Notebooks | ✓ |
Serverless Lakeflow Pipelines | ✓ |
Serverless SQL warehouses | ✓ |
Serverless Workspace | |
Supervisor Agent | |
Vector Search (Standard) | ✓ |
Vector Search (Storage Optimized) |