FedRAMP Authorized — Moderate Impact
Snowflake Government by Snowflake. 6 compliance features verified.
Snowflake Government
by Snowflake
Impact Level
Moderate
Status
Authorized
Pricing
varies
Authorization Date: June 8, 2022 | Sponsoring Agency: GSA
Overview
Snowflake Government provides FedRAMP Moderate authorized cloud data platform for government organizations on AWS GovCloud. It offers data warehousing, data lake, and data sharing capabilities with near-unlimited scalability. The platform separates compute from storage for cost-efficient analytics.
Key Features
Certifications & Authorizations
Deployment Options
NIST 800-171 Compliance Coverage
How to Procure Snowflake Government for Defense Contracts
Snowflake Government is available through GSA Multiple Award Schedule (MAS) under Special Item Number (SIN) 518210C for cloud computing services. The product is also procurable via SEWP VI contracts and NASA OASIS. Government pricing includes significant discounts from commercial rates, typically 15-25% reduction with volume commitments. For authorization boundary documentation, obtain Snowflake's System Security Plan (SSP), Plan of Action and Milestones (POA&M), and Control Implementation Summary from their FedRAMP Package. Contracting officers must approve the data processing addendum, BAA modifications for government data handling, and customer responsibility matrix defining shared security controls. The typical procurement timeline spans 90-120 days including technical evaluation, security review, and contract negotiation. Authority to Operate (ATO) inheritance from FedRAMP can reduce customer ATO timelines to 60-90 days. For CMMC assessment boundaries, include Snowflake Government when processing, storing, or transmitting CUI through the platform. Document data flow diagrams showing CUI ingestion, processing workflows, and output mechanisms. Ensure your CMMC assessment covers data classification procedures, access controls for Snowflake users, and monitoring of data sharing activities. The inherent multi-tenancy requires careful boundary definition and contractor disclosure of shared infrastructure components.
Compliance Cross-References
Snowflake Government's FedRAMP Moderate authorization directly satisfies DFARS 252.204-7012 requirements for adequate security when processing covered defense information (CDI). The platform addresses DFARS 252.239-7010 cloud computing security requirements through its government-specific deployment in AWS GovCloud with enhanced monitoring and incident response procedures. For NIST 800-171 compliance, Snowflake Government provides pre-configured controls across Access Control (AC) family through role-based permissions and multi-factor authentication, System and Communications Protection (SC) family via encryption at rest and in transit using FIPS 140-2 validated modules, and Audit and Accountability (AU) family through comprehensive logging and monitoring capabilities. The service supports CMMC Level 2 domains including Access Control (AC), System and Information Integrity (SI), and Risk Management (RM) through its built-in security features and compliance reporting tools. Organizations can leverage Snowflake's continuous monitoring program and quarterly security assessments to maintain ongoing compliance posture and demonstrate due diligence for cybersecurity maturity requirements.
Defense Contractor Use Case
Defense contractors use Snowflake Government as their cloud data warehouse for consolidating program data, running analytics at scale, and securely sharing data with government partners.
Related Products
More Analytics & BI Products
Frequently Asked Questions
What is the FedRAMP authorization level for Snowflake Government?
Snowflake Government is authorized at the FedRAMP Moderate impact level, with authorization granted on 2022-06-08 sponsored by GSA. The FedRAMP Moderate baseline includes approximately 325 security controls covering confidentiality, integrity, and availability.
Can defense contractors use Snowflake Government for CUI?
Snowflake Government is authorized at the FedRAMP Moderate baseline. While FedRAMP Moderate covers a broad range of government data, defense contractors handling CUI should carefully evaluate whether Moderate controls meet their specific DFARS 252.204-7012 and NIST 800-171 requirements. Some CUI categories may require FedRAMP High authorization depending on the sensitivity of the data and contract requirements.
How does Snowflake Government pricing compare to commercial?
Snowflake Government offers flexible pricing tiers that vary based on usage, features, and organization size. Government pricing may differ from commercial rates due to FedRAMP compliance overhead and dedicated infrastructure requirements. Snowflake offers various consumption models that can be cost-effective depending on your usage patterns. Request a government-specific quote from Snowflake or check GSA Advantage for available pricing.
Browse All FedRAMP Authorized Tools
Search and filter 80+ FedRAMP authorized products for your defense contracting needs.
Open FedRAMP FinderTrack Snowflake Government FedRAMP compliance updates with AI-powered intelligence
Signals matches SAM.gov opportunities to your profile, monitors regulatory changes, and alerts you before competitors. Free for 90 days.
Start Free — 90 Days