Best practice rules for Amazon SageMaker
Trend Micro Cloud One™ – Conformity monitors Amazon SageMaker with the following rules:
- Amazon SageMaker Notebook Instance In VPC
Ensure SageMaker notebook instances are deployed into a VPC.
- Enable SageMaker Notebook Instance Data Encryption (Deprecated)
Ensure that data available on Amazon SageMaker notebook instances is encrypted.
- Enable VPC Only for SageMaker Domains
Enable and configure VPC Only mode for added security control of your SageMaker notebooks.
- Notebook Data Encrypted With KMS Customer Master Keys
Ensure SageMaker notebook instance storage volumes are encrypted with Amazon KMS Customer Master Keys (CMKs).
- Notebook Direct Internet Access
Ensure that notebook instances aren't publicly available.