Configure enhanced security and compliance settings

Preview

The automatic cluster update feature and the ability to enable Enhanced Security and Compliance features from the account console are in Public Preview.

The compliance security profile (with compliance standards) and enhanced security monitoring are generally available.

This article describes how to configure it on your Databricks workspace or account. See the pricing page.

This add-on requires the Enterprise pricing tier.

Enable enhanced security and compliance features on a workspace

Account admins can enable the compliance security profile, add compliance standards, enable enhanced security monitoring, and enable automatic cluster update on a workspace.

  1. As an account admin, go to the account console.

  2. Click Workspaces.

  3. Click on your workspace’s name.

  4. Click Security and compliance.

  5. To enable the compliance security profile, next to Compliance security profile, click Enable.

    In the Compliance security profile dialog, optionally select compliance standards and click Save.

    Important

    • If you enable the compliance security profile or add compliance standards to a workspace, the effect is intended to be permanent for that workspace.

    • Neither the compliance security profile nor individual compliance standards can be removed from a workspace if regulated data was previously processed in that workspace. You can delete the workspace and create a new workspace without the compliance security profile or with a different compliance standard. If you need additional help, contact Databricks support.

    • Before you process PHI data, it is your responsibility to ensure that you have a BAA agreement with Databricks.

  6. To enable enhanced security monitoring, select the checkbox Enhanced security monitoring.

    If you enable the compliance security profile, enhanced security monitoring is automatically enabled.

  7. To enable automatic cluster update, select or unselect the checkbox Automatic cluster update.

    If you enable the compliance security profile, automatic cluster update is automatically enabled.

Set account-level defaults for new workspaces

Account admins can configure settings for security profile (with compliance standards) or enhanced security monitoring at an account level to apply to all new workspaces. When you enable the compliance security profile as a default for new workspaces, enhanced security monitoring and automatic cluster update are also enabled for new workspaces.

  1. As an account admin, go to the account console.

  2. In the sidebar, click Settings.

  3. Click the Security and compliance tab.

  4. In the sidebar, click Enhanced Security and Compliance Settings.

  5. To enable the compliance security profile, next to Compliance security profile, click Configure.

    In the Compliance security profile for new workspaces dialog, select Enabled, select one or compliance standards or select None and click Save.

    Important

    Before you process PHI data, it is your responsibility to ensure that you have a BAA agreement with Databricks.

  6. To enable enhanced security monitoring, select the checkbox Enhanced security monitoring for new workspaces.