From 6c418947863bea75308309014973a2bf5e9c2c97 Mon Sep 17 00:00:00 2001 From: mikeCRL Date: Fri, 30 Jan 2026 01:51:23 -0500 Subject: [PATCH] Reflect HIPAA, PCI DSS compliance for Cloud on Azure --- src/current/cockroachcloud/cockroachdb-advanced-on-azure.md | 4 ++-- src/current/cockroachcloud/compliance.md | 6 +----- src/current/cockroachcloud/create-an-advanced-cluster.md | 2 +- src/current/cockroachcloud/egress-perimeter-controls.md | 2 +- src/current/cockroachcloud/pci-dss.md | 2 -- 5 files changed, 5 insertions(+), 11 deletions(-) diff --git a/src/current/cockroachcloud/cockroachdb-advanced-on-azure.md b/src/current/cockroachcloud/cockroachdb-advanced-on-azure.md index 517812f89ac..36a117bd10c 100644 --- a/src/current/cockroachcloud/cockroachdb-advanced-on-azure.md +++ b/src/current/cockroachcloud/cockroachdb-advanced-on-azure.md 
@@ -13,8 +13,8 @@ To express interest or request more information about a given limitation, contac CockroachDB {{ site.data.products.advanced }} clusters on Azure have the following temporary limitations. To express interest or request more information about a given limitation, contact your Cockroach Labs account team. - A cluster must have at minimum three nodes. A multi-region cluster must have at minimum three nodes per region. Single-node clusters are not supported on Azure. -- CockroachDB {{ site.data.products.advanced }} on Azure meets or exceeds the requirements of SOC 2 Type 2. (Refer to [Regulatory Compliance in CockroachDB {{ site.data.products.advanced }}]({% link cockroachcloud/compliance.md %}).) However, note that the following features needed for [PCI-Ready]({% link cockroachcloud/pci-dss.md %}) and HIPAA compliance are in Preview for Azure: - - [Customer Managed Encryption Keys (CMEK)]({% link cockroachcloud/cmek.md %}) +- CockroachDB {{ site.data.products.advanced }} on Azure meets or exceeds the requirements of SOC 2 Type 2, and now supports [PCI DSS]({% link cockroachcloud/pci-dss.md %}) and HIPAA compliance. (Refer to [Regulatory Compliance in CockroachDB {{ site.data.products.advanced }}]({% link cockroachcloud/compliance.md %}).) Note that the following features required for PCI DSS and HIPAA compliance are in Preview for Azure: + - [Customer Managed Encryption Keys (CMEK)]({% link cockroachcloud/cmek.md %}) - [Egress Perimeter Controls]({% link cockroachcloud/egress-perimeter-controls.md %}) You can configure IP allowlisting to limit the IP addresses or CIDR ranges that can access a CockroachDB {{ site.data.products.advanced }} cluster on Azure, and you can use [Azure Private Link](https://learn.microsoft.com/azure/private-link/private-link-overview) to connect your applications in Azure to your cluster and avoid exposing your cluster or applications to the public internet. 
Refer to [Connect to your cluster]({% link cockroachcloud/connect-to-your-cluster.md %}#azure-private-link). diff --git a/src/current/cockroachcloud/compliance.md b/src/current/cockroachcloud/compliance.md index f1c566cd389..6ba52f8b5fb 100644 --- a/src/current/cockroachcloud/compliance.md +++ b/src/current/cockroachcloud/compliance.md 
@@ -17,17 +17,13 @@ CockroachDB {{ site.data.products.cloud }} meets or exceeds the requirements of CockroachDB {{ site.data.products.advanced }} has been certified by a PCI Qualified Security Assessor (QSA) as a PCI DSS Level 1 Service Provider. When configured appropriately, CockroachDB {{ site.data.products.advanced }} meets the requirements of PCI DSS 4.0. PCI DSS is mandated by credit card issuers but administered by the [Payment Card Industry Security Standards Council](https://www.pcisecuritystandards.org/). Many organizations that do not store cardholder data still rely on compliance with PCI DSS to help protect other sensitive or confidential data or metadata. -Features to support PCI DSS are not yet available on Azure. - To learn more, refer to [PCI DSS Compliance in CockroachDB {{ site.data.products.advanced }}]({% link cockroachcloud/pci-dss.md %}). ## HIPAA The Health Insurance Portability and Accountability Act of 1996, commonly referred to as _HIPAA_, defines standards for the storage and handling of personally-identifiable information (PII) related to patient healthcare and health insurance (also referred to as Private Health Information, or PHI). -When configured appropriately for [PCI DSS Compliance]({% link cockroachcloud/pci-dss.md %}), CockroachDB {{ site.data.products.advanced }} on AWS and GCP also meets the requirements of HIPAA. - -Features to support HIPAA are not yet available on Azure. +When configured appropriately for [PCI DSS Compliance]({% link cockroachcloud/pci-dss.md %}), CockroachDB {{ site.data.products.advanced }} on AWS, GCP, and Azure also meets the requirements of HIPAA. ## ISO 27001 and ISO 27017 diff --git a/src/current/cockroachcloud/create-an-advanced-cluster.md b/src/current/cockroachcloud/create-an-advanced-cluster.md index 7712e2f56ea..41bc53d30e3 100644 --- a/src/current/cockroachcloud/create-an-advanced-cluster.md +++ b/src/current/cockroachcloud/create-an-advanced-cluster.md 
@@ -96,7 +96,7 @@ Click **Next: Security**. ## Step 6. Configure advanced security features -You can enable advanced security features for PCI DSS and HIPAA [compliance]({% link cockroachcloud/compliance.md %}) at an additional cost. These features are not yet available for CockroachDB {{ site.data.products.advanced }} on Azure. Refer to [CockroachDB {{ site.data.products.advanced }} on Azure]({% link cockroachcloud/cockroachdb-advanced-on-azure.md %}). +You can enable advanced security features for PCI DSS and HIPAA [compliance]({% link cockroachcloud/compliance.md %}) at an additional cost. These features are in Preview for CockroachDB {{ site.data.products.advanced }} on Azure. Refer to [CockroachDB {{ site.data.products.advanced }} on Azure]({% link cockroachcloud/cockroachdb-advanced-on-azure.md %}). {{site.data.alerts.callout_danger}} Advanced security features cannot be enabled or disabled after cluster creation. diff --git a/src/current/cockroachcloud/egress-perimeter-controls.md b/src/current/cockroachcloud/egress-perimeter-controls.md index 5ba0cdfbcfe..f9cf08d855f 100644 --- a/src/current/cockroachcloud/egress-perimeter-controls.md +++ b/src/current/cockroachcloud/egress-perimeter-controls.md @@ -30,7 +30,7 @@ Regardless of user-specific Egress Perimeter Control policy, egress is always pe ## Before you begin -- Egress Perimeter Controls are supported on AWS and GCP for the following deployment types: +- Egress Perimeter Controls are supported on AWS, GCP, and Azure for the following deployment types: - CockroachDB {{ site.data.products.advanced }} clusters with [advanced security features]({% link cockroachcloud/create-an-advanced-cluster.md %}#step-6-configure-advanced-security-features). - CockroachDB {{ site.data.products.advanced }} [Private Clusters]({% link cockroachcloud/private-clusters.md %}). diff --git a/src/current/cockroachcloud/pci-dss.md b/src/current/cockroachcloud/pci-dss.md index d4a91cabdc9..5afacad23e7 100644 
--- a/src/current/cockroachcloud/pci-dss.md +++ b/src/current/cockroachcloud/pci-dss.md @@ -20,8 +20,6 @@ This page provides information about compliance with PCI DSS within CockroachDB When a CockroachDB {{ site.data.products.advanced }} cluster is configured appropriately for compliance with PCI DSS, the cluster also meets the requirements of the Health Insurance Portability and Accountability Act of 1996, commonly referred to as _HIPAA_. {{site.data.alerts.end}} -Features to support PCI DSS are not yet available on Azure. Refer to [CockroachDB {{ site.data.products.advanced }} on Azure]({% link cockroachcloud/cockroachdb-advanced-on-azure.md %}). - ## Overview of PCI DSS When a system complies with PCI DSS, the system meets the goals of the standard by implementing a series of requirements, as assessed by an independent PCI QSA. The following table, which is published in Payment Card Industry Security Standards Council's [PCI DSS Quick Reference Guide, version 4.x](https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Supporting%20Document/PCI-DSS-v4_x-QRG.pdf), summarizes the goals and requirements of PCI DSS.
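Review bot: In cockroachdb-advanced-on-azure.md, the rewritten bullet still sits in the list introduced as "temporary limitations", but it now opens with a capability statement ("and now supports [PCI DSS] and HIPAA compliance") and only reaches the actual limitation in its last sentence. Suggest leading the bullet with the limitation (CMEK and Egress Perimeter Controls are in Preview on Azure) and stating the compliance support outside the limitations list. The word "now" will also go stale; "supports" alone is enough. The CMEK sub-bullet is removed and re-added with the same visible text, so please confirm the change is whitespace only and that the item still nests under the parent bullet next to the Egress Perimeter Controls item.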
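Review bot: In compliance.md, deleting "Features to support PCI DSS are not yet available on Azure." leaves the preceding paragraph's claim that the product "has been certified by a PCI Qualified Security Assessor (QSA) as a PCI DSS Level 1 Service Provider" reading as if it covers Azure without qualification, while the Azure page in this same patch says the required features are in Preview there. Please confirm that the assessment scope includes Azure, and add a sentence in both the PCI DSS and HIPAA sections noting that on Azure the required features are in Preview, with a link to cockroachdb-advanced-on-azure.md, so that "AWS, GCP, and Azure" is not read as three equivalent platforms.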
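Review bot: In create-an-advanced-cluster.md, Step 6, the new sentence "These features are in Preview for CockroachDB {{ site.data.products.advanced }} on Azure." is directly followed by the callout that advanced security features cannot be enabled or disabled after cluster creation. A reader making an irreversible choice at creation time needs to know what Preview means for that choice. Suggest adding one sentence next to the changed line that says so or links to the Preview definition, rather than relying only on the link to the Azure page.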
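Review bot: In egress-perimeter-controls.md, "Before you begin", the changed line says Egress Perimeter Controls are "supported on AWS, GCP, and Azure" with no qualifier, but the cockroachdb-advanced-on-azure.md hunk in this patch lists Egress Perimeter Controls as in Preview for Azure. Suggest making the two pages agree, for example by adding "(Preview on Azure)" to this bullet with a link to the Azure page.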
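Review bot: In pci-dss.md, the removed line was the only pointer from this page's introduction to cockroachdb-advanced-on-azure.md that is visible in the hunk, and nothing replaces it. Since the Azure page still states that CMEK and Egress Perimeter Controls are in Preview on Azure, suggest replacing the sentence rather than deleting it, keeping the existing "Refer to [CockroachDB {{ site.data.products.advanced }} on Azure]" link and changing the first clause to describe the Preview status.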