PCI-DSS compliance controls
Important
The ability for admins to add Enhanced Security and Compliance features is a feature in Public Preview. The compliance security profile and support for compliance standards are generally available (GA).
PCI-DSS compliance controls provide enhancements that help you with payment card industry (PCI) compliance for your workspace.
PCI-DSS compliance controls require enabling the compliance security profile, which adds monitoring agents, provides a hardened compute image, and other features. For technical details, see Compliance security profile. It is your responsibility to confirm that each workspace has the compliance security profile enabled if it’s needed.
Which compute resources get enhanced security
The compliance security profile enhancements apply to compute resources in the classic compute plane in all regions.
Azure Databricks does not allow starting serverless SQL warehouses when PCI-DSS is selected on a workspace.
Requirements
- Your workspaces for processing PCI data are on the Premium plan.
- Your workspace enables the compliance security profile and adds the PCI-DSS compliance standard to it. Review the requirements, including which instance types are unsupported.
- Ensure that sensitive information is never entered in customer-defined input fields, such as workspace names, cluster names, and job names.
Enable PCI-DSS compliance controls on a workspace
To configure your workspace to support processing of data regulated by the PCI-DSS standard, the workspace must have the compliance security profile enabled. You can enable the compliance security profile and add the PCI-DSS compliance standard across all workspaces or only on some workspaces.
Each workspace must have the compliance security profile enabled.
Add the PCI-DSS compliance standard to a new workspace or an existing workspace using the Azure portal or an ARM template. See Configure enhanced security and compliance settings
Preview features that are supported for processing credit card payment data
The following preview features are supported for processing of processing credit card payment data:
- SCIM provisioning
- Secret paths in environment variables
- System tables
- Lakehouse Federation to Redshift
- Liquid clustering for Delta tables
- Unity Catalog-enabled DLT pipelines
- Databricks Assistant
- Scala support for shared clusters
Does Azure Databricks permit the processing of credit card payment data on Azure Databricks?
Yes, if you comply with the requirements, enable the compliance security profile, and add the PCI-DSS compliance standard as part of the compliance security profile configuration.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for