Skip to main content

Compliance security profile

Preview

This feature is in Public Preview.

This page describes the compliance security profile, its compliance controls, and supported features. To enable the compliance security profile, see Configure enhanced security and compliance settings.

Compliance security profile overview

The compliance security profile enables additional monitoring, a hardened compute image, and other features and controls on Databricks workspaces. The compliance security profile includes controls that help meet the applicable security requirements of some compliance standards. Enabling the compliance security profile is required to use Databricks to process data that is regulated under the following compliance standards:

You can also choose to enable the compliance security profile for its enhanced security features without conforming to a compliance standard.

If you enable this feature on any workspace, you are charged for the Enhanced Security and Compliance add-on as described on the pricing page.

important

  • If your workspace was enabled for HIPAA compliance prior to the release of the compliance security profile, you must enable the compliance security profile for your workspace.

  • You are solely responsible for ensuring your own compliance with all applicable laws and regulations.

Compliance security profile security enhancements

Security enhancements include:

  • A hardened operating system image based on Ubuntu Advantage, an enterprise-grade package of security and support for open source infrastructure and applications. Ubuntu Advantage includes:

  • Automatic cluster updates, ensuring clusters have the latest updates by periodically restarting them during configurable maintenance windows. See Automatic cluster update.

  • Enhanced security monitoring, which includes monitoring agents that generate reviewable logs. See Monitoring agents in Databricks compute plane images.

  • Communications within the cluster and for egress use TLS 1.2 or higher, including communication with the metastore.

Classic and serverless compute support by region

The compliance security profile determines which compliance standards are enforced for compute resources in both the classic and serverless compute planes.

Classic compute resources support a wide range of compliance standards across regions. Serverless compute resources (serverless SQL warehouses, serverless compute for notebooks and workflows, and serverless Lakeflow Declarative Pipelines) have more limited support depending on the compliance standard and region.

The table below lists which compliance standards are supported in each compute plane and the corresponding supported regions:

Compliance standard

Classic compute plane support

Serverless compute plane support

C5

eu-central-1

None

HIPAA

All regions

All regions with serverless

PCI-DSS

All regions

None

For more information on compute plane architecture, see High-level architecture.

Supported preview features

Only the preview features listed in this section are supported for processing data regulated under compliance standards. All other preview features are not supported.

Public Preview features

Beta features

Private Preview features

  • DBFS disablement
  • Databricks One
  • Data governance hub

Preview features available only with serverless compute

These features are only supported with compliance standards that support the serverless compute plane. See Classic and serverless compute support by region.

Serverless Public Preview features

Serverless Beta features

Serverless Private Preview features

  • Serverless forecasting Python SDK

Additional preview features supported with HIPAA

HIPAA supports all of the preview features above and also the following additional preview features:

Last updated on