FedRAMP Moderate compliance controls

FedRAMP Moderate compliance controls provide enhancements that help you with FedRAMP Moderate compliance for your workspace.

FedRAMP Moderate compliance controls requires enabling the compliance security profile, which adds monitoring agents, enforces instance types for inter-node encryption, provides a hardened compute image, and other features. For technical details, see Enable the compliance security profile. It is your responsibility to confirm that each workspace has the compliance security profile enabled.

The data plane enhancements that are discussed in this document apply only to the Classic data plane in your AWS account. The additional security controls and monitoring do not apply to serverless compute, which runs compute resources in the serverless data plane in your Databricks account. For example, these new controls apply to pro and classic SQL warehouses, but do not apply to serverless SQL warehouses.

Important

• Databricks is a FedRAMP® Authorized Cloud Service Offering (CSO) at the moderate impact Level in the AWS US East-1 and US West-2 (commercial) regions.

• US Government agencies may access the Databricks on AWS FedRAMP® package on OMB Max. US Government agencies can gain access to the package by submitting a Package Access Request Form and submitting it toinfo@fedramp.gov.

• Additional information regarding Databricks and FedRAMP® compliance is located on the Databricks Security and Trust Center.

Requirements

• Your Databricks account must include the Enhanced Security and Compliance add-on. For details, see the pricing page.

• Your Databricks workspace is on the E2 version of the platform.

• Your Databricks workspace is on the Enterprise tier.

• Your Databricks workspace is deployed in AWS region US East-1 and US West-2.

• Single sign-on (SSO) authentication is configured for the workspace.

• Enabling the compliance security profile at the account level or for specific workspaces.

Enable FedRAMP Moderate compliance controls

To configure your account or workspace to support processing of data regulated by the FedRAMP standard, enable the compliance security profile. One of those steps includes contacting your Databricks representative. When you do so, also request the FedRAMP compliance controls. You will receive additional information and agreements to sign. When ordering, you have the option to enable this functionality across all workspaces on an account, or only on individual workspaces

Does Databricks permit the processing data protected by FedRAMP Moderate?

Databricks permits the processing of data protected by FedRAMP Moderate under the condition of a signed agreement. Contact your Databricks representative for more information.

Preview features that are supported for processing data protected by FedRAMP Moderate

The following preview features are supported for processing data protected by FedRAMP Moderate:

• Customer-managed keys for managed services

• Store interactive notebook results in customer account.

• SCIM provisioning

• Cluster policies

• Service Principals and OBO tokens

• IAM passthrough

• Deliver and access billable usage logs

• Secret paths in environment variables

• Automatic cluster update