💼 2.1.2 Ensure that network security groups are configured for Databricks subnets (Automated)

ID: /frameworks/cis-azure-v5.0.0/02/01/02

Description

Network Security Groups (NSGs) should be implemented to control inbound and outbound traffic to Azure Databricks subnets, ensuring only authorized communication. NSGs operate using a rule-based model that includes both explicit allow/deny rules and an implicit deny at the end of the rule list. This means that any traffic not explicitly allowed is automatically denied. To ensure secure and predictable behavior, NSGs should be configured with explicit deny rules for known unwanted traffic, in addition to the default implicit deny, to improve visibility and auditability of blocked traffic. This approach helps enforce least privilege and minimizes the risk of unauthorized access to Databricks resources.

Similar

Sections
- /frameworks/cis-azure-v4.0.0/03/01/02
- /frameworks/cis-azure-v6.0.0/02/01/02

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 CIS Azure v4.0.0 → 💼 3.1.2 Ensure that network security groups are configured for Databricks subnets (Manual)					no data
💼 CIS Azure v6.0.0 → 💼 2.1.2 Ensure that Network Security Groups are Configured for Databricks Subnets (Automated)			1		no data

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 CIS Azure v6.0.0 → 💼 2.1.2 Ensure that Network Security Groups are Configured for Databricks Subnets (Automated)			1		no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policies (1)

Policy	Logic Count	Flags	Compliance
🛡️ Azure Databricks Workspace network security groups are not configured🟢	1	🟢 x6	no data

Description​

Similar​

Similar Sections (Take Policies From)​

Similar Sections (Give Policies To)​

Sub Sections​

Policies (1)​