Description
Ensure that Multi-Factor Authentication (MFA) is enabled for Snowflake user accounts. Snowflake provides native MFA support via its integration with Duo Security, which is fully managed by Snowflake.
Rationale
MFA introduces an additional verification layer beyond the standard username and password, significantly mitigating the risk of unauthorized access due to compromised credentials.
Impact
Accounts without MFA are more susceptible to common attack vectors such as brute-force attempts, credential stuffing, and password leaks. The absence of MFA increases the likelihood of unauthorized access, potentially resulting in data exposure, privilege escalation, or malicious activity within the Snowflake environment.
Audit
This policy marks a Snowflake User as INCOMPLIANT if:
- The Has Password field is true, and
- The Duo Security Is Enabled field is not set to true.
A User is marked as INAPPLICABLE if the Has Password field is not set to true.
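The audit rule above can be checked directly in Snowflake with a query like the following. This is an added example, not the policy's own implementation. It assumes that the HAS_PASSWORD and EXT_AUTHN_DUO columns of SNOWFLAKE.ACCOUNT_USAGE.USERS correspond to the Has Password and Duo Security Is Enabled fields, and the COMPLIANT label is likewise an assumption, since the page names only the other two statuses.

```sql
-- Added example: classify existing users according to the audit rule.
-- Assumption: HAS_PASSWORD / EXT_AUTHN_DUO map to the policy's
-- "Has Password" / "Duo Security Is Enabled" fields.
WITH current_users AS (
    SELECT name, login_name, has_password, ext_authn_duo
    FROM snowflake.account_usage.users
    WHERE deleted_on IS NULL      -- assumption: dropped users are out of scope
),
classified AS (
    SELECT
        name,
        login_name,
        has_password,
        ext_authn_duo,
        CASE
            -- "not set to true" covers both FALSE and NULL, hence IS DISTINCT FROM
            WHEN has_password  IS DISTINCT FROM TRUE THEN 'INAPPLICABLE'
            WHEN ext_authn_duo IS DISTINCT FROM TRUE THEN 'INCOMPLIANT'
            ELSE 'COMPLIANT'      -- label assumed; not named on the page
        END AS mfa_status
    FROM current_users
)
-- Users that need MFA enrollment
SELECT name, login_name, mfa_status
FROM classified
WHERE mfa_status = 'INCOMPLIANT'
ORDER BY name;
```

ACCOUNT_USAGE views are not real-time, so a user who has just enrolled in MFA may still appear in the result for a while.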