Categories
Salesforce Marketing Cloud Technologies

General Security Controls

General Security Settings
Marketing Cloud Security settings are applied to the complete cloud (all users and all BUs). These are the settings which prevents invalid accesses. For example, restricting login to locations, IPs.

Session Settings:

  • Session Timeout
  • Require Secure Connections (https)
  • Enable Clickjacking Protection

Username and logins

  • Login Expires After Inactivity
  • Invalid Logins Before Lockout
  • Minimum Username Length
  • Restrict Logins by IP Address (IP Whitelisting)
  • IP Whitelisting List Source
  • Allow machines not on Whitelisted IP Addresses list access
  • Identity Verification
  • Business Unit Identity Verification
  • Browser Verification Code Lifetime
  • Time a browser can be inactive before requiring re-verification
  • Do not require Identity Verification for machines inside the whitelist
  • Enable Username and Password for Web Services
  • Do not require Identity Verification for machines inside the whitelist
  • Enable Username and Password for Web Services

Password Policies

  • Minimum Password Length
  • Password Complexity
  • Enforce Password History
  • User Passwords Expire In
  • Exclude API Users From Password Expiration
  • Exclude FTP Users From Password Expiration
  • Send Password Change Confirmation Email

Connection Security

Connection Types

Marketing Cloud - Connection Security Settings
Marketing Cloud – Connection Security Settings

Audit Logging

Enable Audit Logging Data Collection

More on Marketing Cloud