SSDF

This topic describes how Snowflake supports customers with SSDF compliance requirements.

Understanding SSDF compliance requirements

The Cybersecurity and Infrastructure Security Agency (CISA) Secure Software Development Framework (SSDF) reinforces secure by design principles advanced by CISA, Federal government partners, and international allies and requires software producers serving the federal government to confirm implementation of specific security practices.

Snowflake maintains service offerings that have completed a National Institute of Standards and Technology (NIST) Special Publication (SP) 800-218 SSDF assessment by a FedRAMP authorized third-party assessment organization (3PAO) with an accompanying attestation letter available upon request.

Note

If your Snowflake account is in a U.S. government region and you want to access data products that are offered privately or on the Snowflake Marketplace, or offer listings either privately or on the Snowflake Marketplace, you must review and acknowledge a cross-region disclaimer for your organization.

For details, see:

Language: English