UK Cyber Essentials Plus compliance controls
UK Cyber Essentials Plus compliance controls (UKCE+) provide enhancements that help you with cyber essentials compliance for your workspace. UKCE+ is a certification created by the UK government to simplify and standardize IT security practices for commercial organizations who interact with UK government data.
UKCE+ require enabling the compliance security profile, which adds monitoring agents, provides a hardened compute image, and other features. For technical details, see Compliance security profile. It is your responsibility to confirm that each workspace has the compliance security profile enabled and confirm that UKCE+ is added as a compliance program.
UKCE+ compliance controls is only available in the ukwest
and uksouth
regions.
Which compute resources get enhanced security
The compliance security profile enhancements apply to compute resources in the classic compute plane in all supported regions.
UK Cyber Essentials Plus compliance controls does not support serverless compute resources.
Requirements
Your Databricks account must include the Enhanced Security and Compliance add-on. For details, see the pricing page.
Your workspaces for processing UKCE+ data are on the Premium plan.
Your Databricks workspace must be in the
ukwest
oruksouth
Azure region.Your workspace must enable the compliance security profile and adds the UKCE+ compliance standard to it. Review the requirements, including which instance types are unsupported.
Ensure that sensitive information is never entered in customer-defined input fields, such as workspace names, cluster names, and job names.
Enable UK Cyber Essentials Plus compliance controls on a workspace
To configure your workspace to support processing of data regulated by the UKCE+ standard, the workspace must have the compliance security profile enabled. You can enable the compliance security profile and add the UKCE+ compliance standard across all workspaces or only on some workspaces.
Each workspace must have the compliance security profile enabled.
Add the UKCE+ compliance standard to a new workspace or an existing workspace using the Azure portal or an ARM template. See Configure enhanced security and compliance settings
Important
- Enabling a compliance standard for a workspace is permanent.
- You are solely responsible for ensuring your own compliance with all applicable laws and regulations.
Preview features that are supported for processing of data regulated under UKCE+ standard
The following preview features are supported for processing of processing of data regulated under UKCE+ standard:
Workspace-level SCIM provisioning
Workspace-level SCIM provisioning is legacy. Databricks recommends using account-level SCIM provisioning, which is generally available.
Delta Live Tables Hive metastore to Unity Catalog clone API
Does Azure Databricks permit the processing of data regulated under UKCE+ standard on Azure Databricks?
Yes, if you comply with the requirements, enable the compliance security profile, and add the UKCE+ compliance standard as part of the compliance security profile configuration.