turbot/steampipe-mod-azure-compliance

Control: 3.1.2 Ensure that network security groups are configured for Databricks subnets

Description

Network Security Groups (NSGs) should be implemented to control inbound and outbound traffic to Azure Databricks subnets, ensuring only authorized communication. NSGs should be configured with deny rules to block unwanted traffic and restrict communication to essential sources only.

Remediation

From Azure Portal

  1. Assign an NSG to the Databricks subnets under Networking > NSG Settings.

Default Value

By default, Databricks subnets do not have NSGs assigned.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.cis_v400_3_1_2

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.cis_v400_3_1_2 --share

SQL

This control uses a named query:

select
  id as resource,
  'info' as status,
  'Manual verification required.' as reason,
  display_name as subscription
from
  azure_subscription;
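
Because the named query only returns 'Manual verification required.', the NSG assignment has to be checked outside the control. The following is an added example, not part of the mod: it evaluates the JSON printed by `az network vnet subnet list --resource-group <rg> --vnet-name <vnet> -o json` and assumes the Databricks subnets are the ones delegated to Microsoft.Databricks/workspaces (VNet injection). The function names, the ok/alarm statuses and the sample data are constructed for illustration.

```python
import json

# Service name that VNet-injected Databricks subnets are delegated to (assumption).
DATABRICKS_DELEGATION = "microsoft.databricks/workspaces"

# Constructed sample, shaped like `az network vnet subnet list -o json` output.
SAMPLE_SUBNETS = json.loads("""
[
  {"name": "dbx-public",
   "delegations": [{"serviceName": "Microsoft.Databricks/workspaces"}],
   "networkSecurityGroup": {"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example/providers/Microsoft.Network/networkSecurityGroups/nsg-dbx"}},
  {"name": "dbx-private",
   "delegations": [{"serviceName": "Microsoft.Databricks/workspaces"}],
   "networkSecurityGroup": null},
  {"name": "app-subnet", "delegations": [], "networkSecurityGroup": null}
]
""")


def is_databricks_subnet(subnet):
    """True when any delegation on the subnet names the Databricks service."""
    delegations = subnet.get("delegations") or []
    return any((d.get("serviceName") or "").lower() == DATABRICKS_DELEGATION
               for d in delegations)


def evaluate(subnets):
    """Return (subnet, status, reason) rows for Databricks subnets only."""
    rows = []
    for subnet in subnets:
        if not is_databricks_subnet(subnet):
            continue  # control 3.1.2 only concerns Databricks subnets
        # A missing or null networkSecurityGroup means no NSG is assigned.
        nsg_id = (subnet.get("networkSecurityGroup") or {}).get("id")
        if nsg_id:
            rows.append((subnet["name"], "ok", "NSG assigned: " + nsg_id.rsplit("/", 1)[-1]))
        else:
            rows.append((subnet["name"], "alarm", "No NSG assigned."))
    return rows


if __name__ == "__main__":
    for name, status, reason in evaluate(SAMPLE_SUBNETS):
        print(f"{status:5} {name}: {reason}")
```

An "ok" row only confirms that an NSG is assigned; the deny rules the description calls for still need to be reviewed on the NSG itself.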
