Important
This feature is in Public Preview.
IRAP compliance controls provide enhancements that help you with Infosec Registered Assessors Program (IRAP) compliance for your workspace.
IRAP provides high-quality information and communications technology (ICT) security assessment services to the Australian government. IRAP provides a framework for assessing the implementation and effectiveness of an organization's security controls against the Australian government's security requirements. Databricks is IRAP certified.
IRAP compliance controls require enabling the compliance security profile, which adds monitoring agents, enforces instance types for inter-node encryption, provides a hardened compute image, and other features. For technical details, see Compliance security profile. It is your responsibility to confirm that each affected workspace has the compliance security profile enabled and confirm that IRAP is added as a compliance program.
IRAP compliance controls are available in the australiacentral, australiacentral2, australiaeast and australiasoutheast regions.
Which compute resources get enhanced security
The compliance security profile enhancements apply to compute resources in the classic compute plane in the australiacentral, australiacentral2, australiaeast and australiasoutheast regions.
IRAP compliance controls do not support serverless compute resources.
For more information on the classic and serverless compute planes, see Azure Databricks architecture overview.
Requirements
- Your workspaces for processing IRAP data are on the Premium plan.
- You must use the following VM instance types:
  - General purpose: Dv5 and Dsv5-series, Ddv5 and Ddsv5-series, Dlsv5 and Dldsv5-series, Dasv5 and Dadsv5-series, Dasv6 and Dadsv6-series, Dalsv6 and Daldsv6-series, Dsv6-series, Dplsv6 and Dpldsv6-series, Dpsv6 and Dpdsv6-series
  - Memory intensive workloads: Ev5 and Esv5-series, Edv5 and Edsv5-series, Easv5 and Eadsv5-series, Easv6 and Eadsv6-series, Epsv6 and Epdsv6-series
  - Compute optimized: Falsv6-series, Famsv6-series, Fasv6-series
- Ensure that sensitive information is never entered in customer-defined input fields, such as workspace names, cluster names, and job names.
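The instance-type requirement above can be audited mechanically. The following is an added example, not Databricks code: it checks cluster records against the series listed on this page. It assumes that Azure SKU names follow the `Standard_<family><vCPUs><features>_v<version>` pattern and that each record carries the `cluster_name`, `node_type_id` and `driver_node_type_id` fields; the sample inventory is constructed.

```python
import re

# Series names transcribed from the requirements list on this page.
ALLOWED_SERIES = frozenset("""
Dv5 Dsv5 Ddv5 Ddsv5 Dlsv5 Dldsv5 Dasv5 Dadsv5 Dasv6 Dadsv6 Dalsv6 Daldsv6
Dsv6 Dplsv6 Dpldsv6 Dpsv6 Dpdsv6
Ev5 Esv5 Edv5 Edsv5 Easv5 Eadsv5 Easv6 Eadsv6 Epsv6 Epdsv6
Falsv6 Famsv6 Fasv6
""".split())

# Assumed SKU shape: Standard_<family><vCPUs>[-<constrained vCPUs>]<features>_v<version>
_SKU = re.compile(r"^Standard_([A-Z]+)(\d+)(?:-\d+)?([a-z]*)_v(\d+)$")

def series_of(node_type_id):
    """Map a SKU such as 'Standard_D4ds_v5' to its series ('Ddsv5'); None if unparseable."""
    m = _SKU.match(node_type_id.strip())
    if not m:
        return None
    family, _vcpus, features, version = m.groups()
    return f"{family}{features}v{version}"

def is_allowed(node_type_id):
    # Fail closed: a missing or unparseable SKU is treated as not allowed.
    return bool(node_type_id) and series_of(node_type_id) in ALLOWED_SERIES

def audit(clusters):
    """Return (cluster_name, role, node_type_id) for each node type outside the list."""
    findings = []
    for c in clusters:
        worker = c.get("node_type_id")
        # Assumption: an unset driver type means the driver uses the worker type.
        driver = c.get("driver_node_type_id") or worker
        for role, sku in (("worker", worker), ("driver", driver)):
            if not is_allowed(sku):
                findings.append((c.get("cluster_name"), role, sku))
    return findings

# Constructed sample inventory (not real clusters).
SAMPLE_CLUSTERS = [
    {"cluster_name": "etl-prod", "node_type_id": "Standard_D4ds_v5"},
    {"cluster_name": "ml-train", "node_type_id": "Standard_E8as_v5",
     "driver_node_type_id": "Standard_DS3_v2"},
    {"cluster_name": "legacy", "node_type_id": "Standard_D4s_v3"},
    {"cluster_name": "constrained", "node_type_id": "Standard_E4-2ads_v5"},
]

if __name__ == "__main__":
    for name, role, sku in audit(SAMPLE_CLUSTERS):
        print(f"NON-COMPLIANT {name}: {role} node type {sku}")
```

Records with no node type, and SKUs the pattern cannot parse, are reported as findings so that they get a manual review instead of passing silently.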
Enable IRAP compliance controls
To configure your workspace to support processing of data regulated by the IRAP standard, the workspace must have the compliance security profile enabled. You can enable the compliance security profile and add the IRAP compliance standard across all workspaces or only on some workspaces. See Configure enhanced security and compliance settings.
Important
- Enabling a compliance standard for a workspace is permanent.
- You are solely responsible for ensuring your own compliance with all applicable laws and regulations.
Preview features that are supported for processing data under the IRAP Protected standard
The following preview features are supported for processing data regulated under the IRAP Protected standard:
Public Preview:
- Workspace-level SCIM provisioning
  Workspace-level SCIM provisioning is a legacy feature. Databricks recommends using account-level SCIM provisioning instead.
Private Preview:
- Unity Catalog attribute-based access control (ABAC)
- Tag policies
- DBFS disablement
- Document parsing
- Alerts v2
Does Azure Databricks permit the processing of data regulated under the IRAP Protected standard?
Yes, if you comply with the requirements, enable the compliance security profile, and add the IRAP compliance standard as part of the compliance security profile configuration.