Control: Azure > CIS v5.0 > 2 - Analytics Services > 2.01 - Azure Databricks > 2.01.06 - Ensure that usage is restricted and expiry is enforced for Databricks personal access tokens
Configures auditing against a CIS Benchmark item.
Level: 1
Personal Access Tokens (PATs) are used for authentication when accessing Databricks REST APIs and can be used to access sensitive data. It's important to restrict PAT creation and ensure all PATs have defined expiry dates.
Restricting PAT usage and enforcing expiry dates provides: - Reduced risk of credential compromise - Better control over API access - Compliance with security best practices for credential management - Regular rotation of authentication credentials
This control requires manual verification to confirm that PAT restrictions and expiry policies are configured in the Databricks workspace.
Resource Types
This control targets the following resource types:
Policies
This control type relies on these other policies when running actions:
- Azure > CIS v5.0 > 2 - Analytics Services > 2.01 - Azure Databricks > 2.01.06 - Ensure that usage is restricted and expiry is enforced for Databricks personal access tokens
- Azure > CIS v5.0 > 2 - Analytics Services > 2.01 - Azure Databricks > 2.01.06 - Ensure that usage is restricted and expiry is enforced for Databricks personal access tokens > Attestation
- Azure > CIS v5.0 > Maximum Attestation Duration
- Azure > CIS v5.0
- Azure > CIS v5.0 > 2 - Analytics Services
- Azure > CIS v5.0 > 2 - Analytics Services > Maximum Attestation Duration
Category
In Your Workspace
Developers
- tmod:@turbot/azure-cisv5-0#/control/types/r020106
- tmod:@turbot/cis#/control/categories/v071607
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-cisv5-0#/control/types/r020106"
Get Controls