Getting started with the Trust Center

This topic describes how you can use the Trust Center to check for common security risks in your Snowflake account, and get recommendations on how to remediate those risks.

Enable the CIS Benchmarks scanner package

  1. Sign in to Snowsight.

  2. Switch to a role that meets the requirements to access the Trust Center.

  3. In the navigation menu, select Monitoring » Trust Center.

  4. Select a warehouse.

  5. Select Scanner Packages.

  6. Select CIS Benchmarks.

  7. Select Enable and then Continue.

Ensure multi-factor authentication (MFA) is enforced for all human users using password-based authentication

  1. Sign in to Snowsight.

  2. Switch to a role that meets the requirements to access the Trust Center.

  3. In the navigation menu, select Monitoring » Trust Center.

  4. Ensure you have enabled the CIS Benchmarks scanner package.

  5. Select Findings.

  6. Select Search.

  7. Search for multi-factor authentication.

  8. Under the Violation column, select Ensure multi-factor authentication (MFA) is turned on for all human users with password-based authentication.

    A side panel opens.

  9. In the side panel, under Remediation, follow the guide.

Find over-privileged roles

  1. Sign in to Snowsight.

  2. Switch to a role that meets the requirements to access the Trust Center.

  3. In the navigation menu, select Monitoring » Trust Center.

  4. Ensure you have enabled the CIS Benchmarks scanner package.

  5. Select Findings.

  6. Select Search.

  7. Search for snowflake tasks.

  8. Under the Violation column, select Ensure that Snowflake tasks do not run with the ACCOUNTADMIN or SECURITYADMIN role privileges.

    A side panel opens.

  9. In the side panel, under Remediation, follow the guide.

Ensure the number of users with the ACCOUNTADMIN and SECURITYADMIN system roles is limited

  1. Sign in to Snowsight.

  2. Switch to a role that meets the requirements to access the Trust Center.

  3. In the navigation menu, select Monitoring » Trust Center.

  4. Ensure you have enabled the CIS Benchmarks scanner package.

  5. Select Findings.

  6. Select Search.

  7. Search for limit the number of users.

  8. Under the Violation column, select Limit the number of users with ACCOUNTADMIN and SECURITYADMIN.

    A side panel opens.

  9. In the side panel, under Remediation, follow the guide.

Find users who have not logged in for 90 days

  1. Sign in to Snowsight.

  2. Switch to a role that meets the requirements to access the Trust Center.

  3. In the navigation menu, select Monitoring » Trust Center.

  4. Ensure you have enabled the CIS Benchmarks scanner package.

  5. Select Findings.

  6. Select Search.

  7. Search for did not log in.

  8. Under the Violation column, select Ensure that users who did not log in for 90 days are disabled.

    A side panel opens.

  9. In the side panel, under Remediation, follow the guide.
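
To cross-check the 90-day login finding outside the Trust Center, and to see which of those users also hold ACCOUNTADMIN or SECURITYADMIN, you can query the account usage views directly. This is an added example, not the Trust Center's own scanner logic or part of the original page; it assumes the current role can read SNOWFLAKE.ACCOUNT_USAGE, and it treats users who have never logged in as idle since their creation date.

```sql
-- Added example: independent cross-check of the "did not log in for 90 days" finding.
-- Assumption: the current role can read the SNOWFLAKE.ACCOUNT_USAGE schema.
-- Note: ACCOUNT_USAGE views lag behind live account state, so very recent
-- logins, grants or disables may not appear yet.
WITH active_users AS (
    SELECT name, created_on, last_success_login
    FROM snowflake.account_usage.users
    WHERE deleted_on IS NULL                          -- skip dropped users
      AND COALESCE(disabled::BOOLEAN, FALSE) = FALSE  -- skip users already disabled
),
admin_grants AS (
    -- Current (not revoked) direct grants of the two system roles the page names.
    SELECT grantee_name,
           LISTAGG(DISTINCT role, ', ') WITHIN GROUP (ORDER BY role) AS admin_roles
    FROM snowflake.account_usage.grants_to_users
    WHERE deleted_on IS NULL
      AND role IN ('ACCOUNTADMIN', 'SECURITYADMIN')
    GROUP BY grantee_name
)
SELECT u.name,
       u.last_success_login,
       -- Assumption: a user with no successful login is measured from creation.
       DATEDIFF('day',
                COALESCE(u.last_success_login, u.created_on),
                CURRENT_TIMESTAMP())                  AS days_idle,
       u.last_success_login IS NULL                   AS never_logged_in,
       g.admin_roles                                  -- NULL when no admin role is granted
FROM active_users u
LEFT JOIN admin_grants g
       ON g.grantee_name = u.name
WHERE COALESCE(u.last_success_login, u.created_on)
      < DATEADD('day', -90, CURRENT_TIMESTAMP())
ORDER BY g.admin_roles IS NULL,                       -- idle admin holders first
         days_idle DESC;
```

Rows with a non-NULL admin_roles value are the ones to review first, since they appear in both the 90-day finding and the ACCOUNTADMIN/SECURITYADMIN finding.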

Next steps