Skip to content

Commit 1e294f7

Browse files
Merge pull request #136 from v1adev/v1adev-azure-docs-link-ns-5
Fix the Azure docs link for NS-5
2 parents 0239183 + c679327 commit 1e294f7

1 file changed

Lines changed: 1 addition & 1 deletion

File tree

configs/security_best_practices.csv

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -35,7 +35,7 @@ id,check_id,category,check,evaluation_value,severity,recommendation,aws,azure,gc
3535
34,NS-2,Network Security,Public keys for job cluster,-1,High,"Remote SSH access to clusters is discouraged, use web terminal instead",1,1,1,1,0,Check if ssh_public_keys is configured on any job cluster,curl --netrc -X GET \ https://<workspace_url>/api/2.0/jobs/list \ | jq,https://docs.databricks.com/clusters/web-terminal.html,https://learn.microsoft.com/en-us/azure/databricks/clusters/web-terminal,https://docs.gcp.databricks.com/clusters/web-terminal.html
3636
35,NS-3,Network Security,Front-end private connectivity,-1,High,"Configure private network connectivity for accessing the web application and REST APIs. You can configure AWS PrivateLink, Azure Private Link, or Google Private Service Connect. Note that enabling and requiring front-end private connectivity are different, see the documentation for details.",1,1,1,1,0,Check if private_access_settings_id is set for the workspace,curl -n -X GET 'https://accounts.cloud.databricks.com/api/2.0/accounts/<account_id>/workspaces',https://docs.databricks.com/administration-guide/cloud-configurations/aws/privatelink.html,https://learn.microsoft.com/en-us/azure/databricks/administration-guide/cloud-configurations/azure/private-link,https://cloud.google.com/vpc/docs/private-access-options
3737
36,NS-4,Network Security,"Workspace uses a customer-managed VPC (AWS, GCP) or enables VNet injection (Azure)",-1,Medium,"Deploy with a customer-managed VPC (AWS, GCP) or use VNet injection (Azure) to help enforce data exfiltration protections",1,1,1,1,0,Check if network_id is set for this workspace,curl -n -X GET 'https://accounts.cloud.databricks.com/api/2.0/accounts/<account_id>/workspaces',https://docs.databricks.com/administration-guide/cloud-configurations/aws/customer-managed-vpc.html,https://learn.microsoft.com/en-us/azure/databricks/administration-guide/cloud-configurations/azure/vnet-inject,https://docs.gcp.databricks.com/administration-guide/cloud-configurations/gcp/customer-managed-vpc.html
38-
37,NS-5,Network Security,IP access lists for workspace access,-1,Medium,Configure IP access lists for workspaces that restrict the IP addresses that can authenticate to help protect against data exfiltration and account takeover,1,1,1,1,0,Check if ip-access-lists are configured and enabled,curl --netrc -X GET \ https://<workspace_url>/api/2.0/ip-access-lists,https://docs.databricks.com/security/network/ip-access-list.html#add-an-ip-access-list,https://learn.microsoft.com/en-us/azure/databricks/administration-guide/access-control/tokens#--set-maximum-lifetime-of-new-tokens-rest-api-only,https://docs.gcp.databricks.com/security/network/ip-access-list.html
38+
37,NS-5,Network Security,IP access lists for workspace access,-1,Medium,Configure IP access lists for workspaces that restrict the IP addresses that can authenticate to help protect against data exfiltration and account takeover,1,1,1,1,0,Check if ip-access-lists are configured and enabled,curl --netrc -X GET \ https://<workspace_url>/api/2.0/ip-access-lists,https://docs.databricks.com/security/network/ip-access-list.html#add-an-ip-access-list,https://learn.microsoft.com/en-us/azure/databricks/security/network/front-end/ip-access-list,https://docs.gcp.databricks.com/security/network/ip-access-list.html
3939
38,IA-5,Identity & Access,Maximum lifetime of new tokens to something other than unlimited,-1,Medium,Configure maximum lifetime for all future tokens to a value other than unlimited,1,1,1,1,0,Check workspace-conf for maxTokenLifetimeDays In Workspace setting,curl -n -X GET 'https://<workspace_url>/api/2.0/preview/workspace-conf?keys=maxTokenLifetimeDays',https://docs.databricks.com/administration-guide/access-control/tokens.html#lifetime,https://learn.microsoft.com/en-us/azure/databricks/administration-guide/access-control/tokens#--set-maximum-lifetime-of-new-tokens-rest-api-only,https://docs.gcp.databricks.com/administration-guide/access-control/tokens.html#lifetime
4040
39,NS-6,Network Security,Secure cluster connectivity (on Azure this is also called NoPublicIp),-1,Medium,"Configure secure cluster connectivity (On Azure, this is called NoPublicIP / NPIP)",0,1,0,1,0,Check if enableNoPublicIp are configured and enabled,curl --netrc -X GET \ https://accounts.azuredatabricks.net/api/2.0/accounts/<account_id>/workspaces,N/A,https://learn.microsoft.com/en-us/azure/databricks/security/secure-cluster-connectivity,
4141
40,GOV-13,Governance,Enforce User Isolation,-1,Medium,Enforce user isolation cluster types on a workspace,1,1,1,1,0,Check workspace-conf for enforceUserIsolation In Workspace setting,curl -n -X GET 'https://<workspace_url>/api/2.0/preview/workspace-conf?keys= enforceUserIsolation',https://docs.databricks.com/security/enforce-user-isolation.html,https://learn.microsoft.com/en-us/azure/databricks/security/enforce-user-isolation,https://docs.gcp.databricks.com/security/enforce-user-isolation.html

0 commit comments

Comments
 (0)