4 changes: 2 additions & 2 deletions src/current/cockroachcloud/cockroachdb-advanced-on-azure.md
Expand Up @@ -13,8 +13,8 @@ To express interest or request more information about a given limitation, contac
CockroachDB {{ site.data.products.advanced }} clusters on Azure have the following temporary limitations. To express interest or request more information about a given limitation, contact your Cockroach Labs account team.

- A cluster must have at minimum three nodes. A multi-region cluster must have at minimum three nodes per region. Single-node clusters are not supported on Azure.
- CockroachDB {{ site.data.products.advanced }} on Azure meets or exceeds the requirements of SOC 2 Type 2. (Refer to [Regulatory Compliance in CockroachDB {{ site.data.products.advanced }}]({% link cockroachcloud/compliance.md %}).) However, note that the following features needed for [PCI-Ready]({% link cockroachcloud/pci-dss.md %}) and HIPAA compliance are in Preview for Azure:
- [Customer Managed Encryption Keys (CMEK)]({% link cockroachcloud/cmek.md %})
- CockroachDB {{ site.data.products.advanced }} on Azure meets or exceeds the requirements of SOC 2 Type 2, and now supports [PCI DSS]({% link cockroachcloud/pci-dss.md %}) and HIPAA compliance. (Refer to [Regulatory Compliance in CockroachDB {{ site.data.products.advanced }}]({% link cockroachcloud/compliance.md %}).) Note that the following features required for PCI DSS and HIPAA compliance are in Preview for Azure:
- [Customer Managed Encryption Keys (CMEK)]({% link cockroachcloud/cmek.md %})
- [Egress Perimeter Controls]({% link cockroachcloud/egress-perimeter-controls.md %})

You can configure IP allowlisting to limit the IP addresses or CIDR ranges that can access a CockroachDB {{ site.data.products.advanced }} cluster on Azure, and you can use [Azure Private Link](https://learn.microsoft.com/azure/private-link/private-link-overview) to connect your applications in Azure to your cluster and avoid exposing your cluster or applications to the public internet. Refer to [Connect to your cluster]({% link cockroachcloud/connect-to-your-cluster.md %}#azure-private-link).
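Review bot: The rewritten compliance bullet says Azure "now supports" PCI DSS and HIPAA compliance and then, in the next sentence, that the features required for that compliance are in Preview, all under a list introduced as "temporary limitations". A reader scoping an assessment cannot tell from this whether a cluster that relies on Preview CMEK and Egress Perimeter Controls counts as compliant. Suggest stating the limitation directly (that PCI DSS and HIPAA configurations on Azure depend on these two Preview features) and dropping "now", which dates the sentence as soon as it is published.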
6 changes: 1 addition & 5 deletions src/current/cockroachcloud/compliance.md
Expand Up @@ -17,17 +17,13 @@ CockroachDB {{ site.data.products.cloud }} meets or exceeds the requirements of

CockroachDB {{ site.data.products.advanced }} has been certified by a PCI Qualified Security Assessor (QSA) as a PCI DSS Level 1 Service Provider. When configured appropriately, CockroachDB {{ site.data.products.advanced }} meets the requirements of PCI DSS 4.0. PCI DSS is mandated by credit card issuers but administered by the [Payment Card Industry Security Standards Council](https://www.pcisecuritystandards.org/). Many organizations that do not store cardholder data still rely on compliance with PCI DSS to help protect other sensitive or confidential data or metadata.

Features to support PCI DSS are not yet available on Azure.

To learn more, refer to [PCI DSS Compliance in CockroachDB {{ site.data.products.advanced }}]({% link cockroachcloud/pci-dss.md %}).

## HIPAA

The Health Insurance Portability and Accountability Act of 1996, commonly referred to as _HIPAA_, defines standards for the storage and handling of personally-identifiable information (PII) related to patient healthcare and health insurance (also referred to as Private Health Information, or PHI).

When configured appropriately for [PCI DSS Compliance]({% link cockroachcloud/pci-dss.md %}), CockroachDB {{ site.data.products.advanced }} on AWS and GCP also meets the requirements of HIPAA.

Features to support HIPAA are not yet available on Azure.
When configured appropriately for [PCI DSS Compliance]({% link cockroachcloud/pci-dss.md %}), CockroachDB {{ site.data.products.advanced }} on AWS, GCP, and Azure also meets the requirements of HIPAA.

## ISO 27001 and ISO 27017

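Review bot: In the HIPAA section, extending the sentence to "on AWS, GCP, and Azure" while deleting both "not yet available on Azure" sentences leaves this page with no Azure caveat at all, even though cockroachdb-advanced-on-azure.md in this same change says CMEK and Egress Perimeter Controls are in Preview there. Suggest replacing each removed sentence with a one-line pointer to the Azure page, in both the PCI DSS and HIPAA sections, so the compliance statement and its Preview caveat are read together.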
2 changes: 1 addition & 1 deletion src/current/cockroachcloud/create-an-advanced-cluster.md
Expand Up @@ -96,7 +96,7 @@ Click **Next: Security**.

## Step 6. Configure advanced security features

You can enable advanced security features for PCI DSS and HIPAA [compliance]({% link cockroachcloud/compliance.md %}) at an additional cost. These features are not yet available for CockroachDB {{ site.data.products.advanced }} on Azure. Refer to [CockroachDB {{ site.data.products.advanced }} on Azure]({% link cockroachcloud/cockroachdb-advanced-on-azure.md %}).
You can enable advanced security features for PCI DSS and HIPAA [compliance]({% link cockroachcloud/compliance.md %}) at an additional cost. These features are in Preview for CockroachDB {{ site.data.products.advanced }} on Azure. Refer to [CockroachDB {{ site.data.products.advanced }} on Azure]({% link cockroachcloud/cockroachdb-advanced-on-azure.md %}).

{{site.data.alerts.callout_danger}}
Advanced security features cannot be enabled or disabled after cluster creation.
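Review bot: In Step 6, "These features are in Preview" describes the advanced security features as a whole, while the Azure page in this change lists two specific features (CMEK and Egress Perimeter Controls) as Preview; the two statements should use the same scope. Because the callout directly below says advanced security features cannot be enabled or disabled after cluster creation, suggest also saying here that on Azure this choice commits the cluster to Preview features for its lifetime, so the reader weighs that before clicking through.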
2 changes: 1 addition & 1 deletion src/current/cockroachcloud/egress-perimeter-controls.md
Expand Up @@ -30,7 +30,7 @@ Regardless of user-specific Egress Perimeter Control policy, egress is always pe

## Before you begin

- Egress Perimeter Controls are supported on AWS and GCP for the following deployment types:
- Egress Perimeter Controls are supported on AWS, GCP, and Azure for the following deployment types:
- CockroachDB {{ site.data.products.advanced }} clusters with [advanced security features]({% link cockroachcloud/create-an-advanced-cluster.md %}#step-6-configure-advanced-security-features).
- CockroachDB {{ site.data.products.advanced }} [Private Clusters]({% link cockroachcloud/private-clusters.md %}).

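Review bot: "supported on AWS, GCP, and Azure" in the first bullet of "Before you begin" omits the Preview status that cockroachdb-advanced-on-azure.md gives Egress Perimeter Controls on Azure in this same change. Suggest qualifying Azure in this bullet, for example "and Azure (Preview)" with a link to the Azure page, so the two pages do not disagree about the feature's maturity.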
2 changes: 0 additions & 2 deletions src/current/cockroachcloud/pci-dss.md
Expand Up @@ -20,8 +20,6 @@ This page provides information about compliance with PCI DSS within CockroachDB
When a CockroachDB {{ site.data.products.advanced }} cluster is configured appropriately for compliance with PCI DSS, the cluster also meets the requirements of the Health Insurance Portability and Accountability Act of 1996, commonly referred to as _HIPAA_.
{{site.data.alerts.end}}

Features to support PCI DSS are not yet available on Azure. Refer to [CockroachDB {{ site.data.products.advanced }} on Azure]({% link cockroachcloud/cockroachdb-advanced-on-azure.md %}).

## Overview of PCI DSS

When a system complies with PCI DSS, the system meets the goals of the standard by implementing a series of requirements, as assessed by an independent PCI QSA. The following table, which is published in Payment Card Industry Security Standards Council's [PCI DSS Quick Reference Guide, version 4.x](https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Supporting%20Document/PCI-DSS-v4_x-QRG.pdf), summarizes the goals and requirements of PCI DSS.
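Review bot: Deleting the Azure sentence above "## Overview of PCI DSS" also removes the reference to cockroachdb-advanced-on-azure.md, which is where this change documents that CMEK and Egress Perimeter Controls are in Preview on Azure. Suggest rewording the sentence instead of removing it: keep the link and say that the features required for PCI DSS are in Preview on Azure, so a reader who lands on this page first still sees the caveat.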