Last active
October 26, 2022 17:48
-
-
Save ashishsecdev/b490d924e0ff909c67f3dca199fe19c5 to your computer and use it in GitHub Desktop.
Salesforce Security Checklist
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Data Classification: Done? | |
| Any compliances applicable? Yes, then which one? | |
| Meeting the compliance requirements and standards? | |
| Sensitive Data Classification? | |
| Who has the access to what data? | |
| Access Controls? What Roles, Profiles and Permissions? | |
| Coding Standards? | |
| Static Scanning of Code? | |
| Data Loss Protection Enabled? | |
| 2FA/SSO Enabled? | |
| Org, Object, Field and Record Level Controls? | |
| Have you Documented the controls? | |
| Business Geo Locations tied to Access? (Geo Fencing) | |
| Audit Logs Enabled, what all? | |
| Logs Onboarded in SIEM? | |
| Key Management? Using vaults or how are you managing it? | |
| Perform Salesforce Pentesting Assessment, Documentation? SAA filled and shared with Salesforce? | |
| ~Ashishsecdev (Ashish Bansal) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment