Policy: Azure > CIS v5.0 > 2 - Analytics Services > 2.01 - Azure Databricks > 2.01.02 - Ensure that network security groups are configured for Databricks subnets
Configures auditing against a CIS Benchmark item.
Level: 2
Network Security Groups (NSGs) allow you to filter network traffic to and from Azure resources in an Azure virtual network. An NSG contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
Databricks recommends that you configure NSG rules for both public and private subnets used by Databricks clusters. This helps protect against unauthorized network access and ensures that only approved traffic can reach your Databricks resources.
This control requires manual verification to ensure that: - NSGs are attached to both public and private subnets used by Databricks - NSG rules are appropriately configured to allow Databricks control plane traffic - NSG rules restrict unauthorized access
Targets
This policy targets the following resource types:
Primary Policy
This policy is used with the following primary policy:
Related Policies
Controls
Setting this policy configures this control:
Policy Specification
Schema Type | |
|---|---|
Default | |
Valid Values [YAML] |
|
Category
In Your Workspace
Developers
- tmod:@turbot/cis#/control/categories/cis
- tmod:@turbot/azure-cisv5-0#/policy/types/r020102
- turbot graphql policy-type --id "tmod:@turbot/azure-cisv5-0#/policy/types/r020102"
- turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cisv5-0#/policy/types/r020102"
Get Policy TypeGet Policy Settings