1.2 Ensure Snowflake SCIM integration is configured to automatically provision and deprovision users and groups (i.e. roles) | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
2.9 Ensure monitoring and alerting exists for sessions from unsupported Snowflake Connector for Python and JDBC and ODBC drivers | AUDIT AND ACCOUNTABILITY |
3.1 Ensure that an account-level network policy has been configured to only allow access from trusted IP addresses | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
4.1 Ensure yearly rekeying is enabled for a Snowflake account | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
4.3 Ensure that the DATA_RETENTION_TIME_IN_DAYS parameter is set to 90 for critical data | CONTINGENCY PLANNING |
4.4 Ensure that the MIN_DATA_RETENTION_TIME_IN_DAYS account parameter is set to 7 or higher | AUDIT AND ACCOUNTABILITY, CONTINGENCY PLANNING, SYSTEM AND INFORMATION INTEGRITY |
4.9 Ensure that Tri-Secret Secure is enabled for the Snowflake account | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
4.10 Ensure that data masking is enabled for sensitive data | ACCESS CONTROL |
4.11 Ensure that row-access policies are configured for sensitive data | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |