Snowflake security audit, auditor-ready.

Report: SF-LAT-20260427-004934 · Account: titan-snowflake-prod-20260427 · Generated: 2026-04-27T00:48:36+00:00 · Mode: native
Total findings: 54 · Critical: 9 · High: 31 · Detectors active: 31
| Severity | Finding | Resource | Citation | Priority |
|---|---|---|---|---|
| critical | Users without MFA enrolled | TITANBAD_STALE | HIPAA 164.312(d) Person or Entity Authentication; CIS Snowflake 1.4 | 90 |
| critical | Users without MFA enrolled | TITANBAD_NOMFA2 | HIPAA 164.312(d) Person or Entity Authentication; CIS Snowflake 1.4 | 90 |
| critical | Users without MFA enrolled | TITANBAD_NOMFA1 | HIPAA 164.312(d) Person or Entity Authentication; CIS Snowflake 1.4 | 90 |
| critical | Users without MFA enrolled | TITANADMIN | HIPAA 164.312(d) Person or Entity Authentication; CIS Snowflake 1.4 | 90 |
| critical | Users without MFA enrolled | SVC_TITANBAD_BROAD | HIPAA 164.312(d) Person or Entity Authentication; CIS Snowflake 1.4 | 90 |
| high | Users authenticating with password instead of RSA key | TITANADMIN | CIS Snowflake 1.6; NIST 800-53 IA-5 | 75 |
| high | Users authenticating with password instead of RSA key | TITANBAD_NOMFA1 | CIS Snowflake 1.6; NIST 800-53 IA-5 | 75 |
| high | Users authenticating with password instead of RSA key | TITANBAD_NOMFA2 | CIS Snowflake 1.6; NIST 800-53 IA-5 | 75 |
| high | Users authenticating with password instead of RSA key | TITANBAD_STALE | CIS Snowflake 1.6; NIST 800-53 IA-5 | 75 |
| high | Users authenticating with password instead of RSA key | SVC_TITANBAD_BROAD | CIS Snowflake 1.6; NIST 800-53 IA-5 | 75 |
| medium | Stale users (no login in 90 days) | SVC_TITANBAD_BROAD | CIS Snowflake 1.10; NIST 800-53 AC-2(3) | 55 |
| medium | Stale users (no login in 90 days) | TITANBAD_NOMFA2 | CIS Snowflake 1.10; NIST 800-53 AC-2(3) | 55 |
| medium | Stale users (no login in 90 days) | TITANBAD_STALE | CIS Snowflake 1.10; NIST 800-53 AC-2(3) | 55 |
| medium | Stale users (no login in 90 days) | TITANBAD_NOMFA1 | CIS Snowflake 1.10; NIST 800-53 AC-2(3) | 55 |
| high | Account-level network policy not configured | account | HIPAA 164.312(e)(1) Transmission Security; CIS Snowflake 1.13 | 75 |
| high | Likely-PHI / PII columns without a masking policy | TITAN_DEMO.PUBLIC_BAD.PATIENT_PHI.PATIENT_ID | HIPAA 164.502 Uses and Disclosures of PHI; CIS Snowflake 4.5 | 75 |
| high | Likely-PHI / PII columns without a masking policy | TITAN_DEMO.PUBLIC_BAD.MEMBER_ACCOUNT.MEMBER_PII_SSN | HIPAA 164.502 Uses and Disclosures of PHI; CIS Snowflake 4.5 | 75 |
| high | Likely-PHI / PII columns without a masking policy | TITAN_DEMO.PUBLIC_BAD.PATIENT_PHI.SSN | HIPAA 164.502 Uses and Disclosures of PHI; CIS Snowflake 4.5 | 75 |
| high | Likely-PHI / PII columns without a masking policy | TITAN_DEMO.PUBLIC_BAD.PATIENT_PHI.MEMBER_ID | HIPAA 164.502 Uses and Disclosures of PHI; CIS Snowflake 4.5 | 75 |
| high | Likely-PHI / PII columns without a masking policy | TITAN_DEMO.PUBLIC_BAD.PATIENT_PHI.DOB | HIPAA 164.502 Uses and Disclosures of PHI; CIS Snowflake 4.5 | 75 |
| high | Likely-PHI / PII columns without a masking policy | TITAN_DEMO.PUBLIC_BAD.PATIENT_PHI.MRN | HIPAA 164.502 Uses and Disclosures of PHI; CIS Snowflake 4.5 | 75 |
| high | Likely-PHI / PII columns without a masking policy | TITAN_DEMO.PUBLIC_BAD.PATIENT_PHI.PHONE | HIPAA 164.502 Uses and Disclosures of PHI; CIS Snowflake 4.5 | 75 |
| high | Likely-PHI / PII columns without a masking policy | TITAN_DEMO.PUBLIC_BAD.MEMBER_ACCOUNT.MEMBER_PII_DOB | HIPAA 164.502 Uses and Disclosures of PHI; CIS Snowflake 4.5 | 75 |
| high | Likely-PHI / PII columns without a masking policy | TITAN_DEMO.PUBLIC_BAD.PATIENT_PHI.EMAIL | HIPAA 164.502 Uses and Disclosures of PHI; CIS Snowflake 4.5 | 75 |
| medium | Sensitive tables without a row-access policy | SNOWFLAKE.TRUST_CENTER.ACCOUNT_NOTIFICATION_RECIPIENTS | HIPAA 164.312(a)(1); CIS Snowflake 4.6 | 55 |
| medium | Sensitive tables without a row-access policy | TITAN_DEMO.PUBLIC_BAD.MEMBER_ACCOUNT | HIPAA 164.312(a)(1); CIS Snowflake 4.6 | 55 |
| medium | Sensitive tables without a row-access policy | SNOWFLAKE.TRUST_CENTER_STATE.ACCOUNT_NOTIFICATION_METADATA | HIPAA 164.312(a)(1); CIS Snowflake 4.6 | 55 |
| medium | Sensitive tables without a row-access policy | TITAN_DEMO.PUBLIC_BAD.PATIENT_PHI | HIPAA 164.312(a)(1); CIS Snowflake 4.6 | 55 |
| medium | Sensitive tables without a row-access policy | SNOWFLAKE.TRUST_CENTER_STATE.ACCOUNT_NOTIFICATION_HISTORY | HIPAA 164.312(a)(1); CIS Snowflake 4.6 | 55 |
| high | Authentication policy not configured at account level | account | PCI-DSS 8.2; NIST 800-53 IA-2; HIPAA 164.308(a)(5)(ii)(D) | 75 |
| medium | Session policy missing or idle timeout above 60 minutes | no_session_policy | PCI-DSS 8.1.8; NIST 800-53 AC-11; HIPAA 164.312(a)(2)(iii) | 55 |
| medium | Sensitive tables with Time Travel retention below 7 days | TITAN_DEMO.PUBLIC_BAD.PATIENT_PHI | HIPAA 164.316(b)(2)(i); PCI-DSS 10.5.3; SOC 2 CC7.3 | 55 |
| high | Customer-managed encryption keys (Tri-Secret Secure) not enabled | account | HIPAA 164.312(a)(2)(iv); FedRAMP SC-12; PCI-DSS 3.5.2 | 75 |
| medium | No replication or failover groups for HIPAA / PCI workloads | account | HIPAA 164.308(a)(7) Contingency; PCI-DSS 12.10.1; SOC 2 A1.2 | 55 |
| medium | Recent Cortex AI calls invoked from likely-PHI tables | TITANADMIN | HIPAA 164.502; NIST AI RMF GV-2 | 55 |
| high | Users without MFA enrolled | SVC_TITANBAD_BROAD | HIPAA 164.312(d); CIS Snowflake 1.4 | 75 |
| critical | Users without MFA enrolled | TITANADMIN | HIPAA 164.312(d); CIS Snowflake 1.4 | 90 |
| high | Users without MFA enrolled | TITANBAD_NOMFA1 | HIPAA 164.312(d); CIS Snowflake 1.4 | 75 |
| high | Users without MFA enrolled | TITANBAD_NOMFA2 | HIPAA 164.312(d); CIS Snowflake 1.4 | 75 |
| high | Users without MFA enrolled | TITANBAD_STALE | HIPAA 164.312(d); CIS Snowflake 1.4 | 75 |
| critical | PUBLIC role granted on regulated data object | TITAN_DEMO.PUBLIC_BAD | HIPAA 164.502; PCI-DSS 7.1; CIS Snowflake 2.1 | 90 |
| critical | PUBLIC role granted on regulated data object | TITAN_DEMO.PUBLIC_BAD.MEMBER_ACCOUNT | HIPAA 164.502; PCI-DSS 7.1; CIS Snowflake 2.1 | 90 |
| critical | PUBLIC role granted on regulated data object | TITAN_DEMO.PUBLIC_BAD.PATIENT_PHI | HIPAA 164.502; PCI-DSS 7.1; CIS Snowflake 2.1 | 90 |
| medium | Role holds 10 distinct privileges | R_TITANBAD_EXPLOSION | NIST 800-53 AC-6 Least Privilege; CIS Snowflake 2.5 | 55 |
| high | PHI / PII column without masking policy | TITAN_DEMO.PUBLIC_BAD.PATIENT_PHI.EMAIL | HIPAA 164.502; CIS Snowflake 4.5 | 75 |
| high | PHI / PII column without masking policy | TITAN_DEMO.PUBLIC_BAD.PATIENT_PHI.MEMBER_ID | HIPAA 164.502; CIS Snowflake 4.5 | 75 |
| high | PHI / PII column without masking policy | TITAN_DEMO.PUBLIC_BAD.PATIENT_PHI.DOB | HIPAA 164.502; CIS Snowflake 4.5 | 75 |
| high | PHI / PII column without masking policy | TITAN_DEMO.PUBLIC_BAD.PATIENT_PHI.SSN | HIPAA 164.502; CIS Snowflake 4.5 | 75 |
| high | PHI / PII column without masking policy | TITAN_DEMO.PUBLIC_BAD.PATIENT_PHI.PHONE | HIPAA 164.502; CIS Snowflake 4.5 | 75 |
| high | PHI / PII column without masking policy | TITAN_DEMO.PUBLIC_BAD.MEMBER_ACCOUNT.MEMBER_PII_DOB | HIPAA 164.502; CIS Snowflake 4.5 | 75 |
| high | PHI / PII column without masking policy | TITAN_DEMO.PUBLIC_BAD.PATIENT_PHI.PATIENT_ID | HIPAA 164.502; CIS Snowflake 4.5 | 75 |
| high | PHI / PII column without masking policy | TITAN_DEMO.PUBLIC_BAD.MEMBER_ACCOUNT.MEMBER_PII_SSN | HIPAA 164.502; CIS Snowflake 4.5 | 75 |
| high | PHI / PII column without masking policy | TITAN_DEMO.PUBLIC_BAD.PATIENT_PHI.MRN | HIPAA 164.502; CIS Snowflake 4.5 | 75 |
| high | External stage without server-side encryption | TITAN_DEMO.PUBLIC_BAD.BAD_EXT_STAGE | HIPAA 164.312(a)(2)(iv); CIS Snowflake 4.2 | 75 |