Policy: Azure > CIS v4.0 > 03 - Analytics Services > 03.01 - Azure Databricks > 03.01.08 - Ensure that data at rest and in transit is encrypted in Azure Databricks using customer managed keys (CMK)

Configures auditing against a CIS Benchmark item.

Level: 2

Using Customer Managed Keys (CMK) for encrypting data at rest and in transit provides additional control over encryption keys and helps meet compliance requirements.

Targets

This policy targets the following resource types:

Azure > Databricks > Workspace

Primary Policy

This policy is used with the following primary policy:

Azure > CIS v4.0 > 03 - Analytics Services > 03.01 - Azure Databricks

Controls

Setting this policy configures this control:

Azure > CIS v4.0 > 03 - Analytics Services > 03.01 - Azure Databricks > 03.01.08 - Ensure that data at rest and in transit is encrypted in Azure Databricks using customer managed keys (CMK)

Policy Specification

Schema Type	`string`
Default	`Per Azure > CIS v4.0 > 03 - Analytics Services > 03.01 - Azure Databricks`
Valid Values [YAML]	`Per Azure > CIS v4.0 > 03 - Analytics Services > 03.01 - Azure Databricks` `Skip` `Check: Benchmark`

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/cis#/control/categories/v071408

Policy Type URI

tmod:@turbot/azure-cisv4-0#/policy/types/r030108

GraphQL

query policyType(id: "tmod:@turbot/azure-cisv4-0#/policy/types/r030108") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/azure-cisv4-0#/policy/types/r030108'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/azure-cisv4-0#/policy/types/r030108'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/azure-cisv4-0#/policy/types/r030108"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cisv4-0#/policy/types/r030108"