FAQ-000845 - External Platform Security / External Platform Hosting and AWS

Current Status: VALID_RESPONSE

Current FAQ

Question
What documentation is required for external endpoints hosted on platforms like AWS?
Answer
The documentation required for external endpoints hosted on platforms like AWS includes:

1. **Architecture Diagram**: A detailed diagram showing data touch points, information flows, authentication, authorizations, and security controls.
2. **Sensitive Data List**: A list of sensitive data processed or stored, such as personal or payment information.
3. **Data Storage Details**: Disclosure of data storage locations and providers, including countries and providers like AWS.
4. **Third-Party Suppliers**: A list of third-party suppliers with whom customer data is shared.
5. **Testing Permissions**: Permissions to perform security testing on external endpoints.
6. **Security-Assurance Documentation**: Details of security-assurance activities, including SDLC, vulnerability management, and breach response procedures.
7. **Certification Reports**: Relevant certifications like HIPAA, PCI DSS, SOC 2, or ISO 27001.

These documents ensure the security and compliance of external endpoints with Salesforce's guidelines.

AI Recommended Enhancement

Related Security Rules

- ApexInsecureEndpoint
- ApexSuggestUsingNamedCred
- AvoidHardcodedCredentialsInFieldDecls
- AvoidHardcodedCredentialsInHttpHeader
- AvoidHardcodedCredentialsInVarAssign
- AvoidHardcodedCredentialsInVarDecls
- UseHttpsCallbackUrlConnectedApp
- ProtectSensitiveData
Question
What documentation is required for external endpoints hosted on platforms like AWS?
Recommended Answer Update
The documentation required for external endpoints hosted on platforms like AWS includes:

1. **Architecture Diagram**: A detailed diagram showing data touch points, information flows, authentication, authorization, and security controls.
2. **Sensitive Data List**: A list of sensitive data processed or stored, such as personal or payment information.
3. **Data Storage Details**: Disclosure of data storage locations and providers, including countries and providers like AWS.
4. **Third-Party Suppliers**: A list of third-party suppliers with whom customer data is shared.
5. **Testing Permissions**: Permissions to perform security testing on external endpoints.
6. **Security-Assurance Documentation**: Details of security-assurance activities, including SDLC, vulnerability management, and breach response procedures.
7. **Certification Reports**: Relevant certifications like HIPAA, PCI DSS, SOC 2, or ISO 27001.

These documents ensure the security and compliance of external endpoints with Salesforce's guidelines.
Reasoning
The FAQ content is accurate and comprehensive. I made one minor clarification change from 'authorizations' to 'authorization' in point 1 for better grammatical consistency. The FAQ effectively covers external endpoint documentation requirements and aligns well with several security rules. I selected multiple related security rules that directly apply to external endpoint security: ApexInsecureEndpoint relates to ensuring secure endpoint configurations; ApexSuggestUsingNamedCred applies to proper credential management for external endpoints; the various hardcoded credential rules (AvoidHardcodedCredentialsInFieldDecls, AvoidHardcodedCredentialsInHttpHeader, AvoidHardcodedCredentialsInVarAssign, AvoidHardcodedCredentialsInVarDecls) are directly relevant to the credential security aspects discussed in the architecture diagram and security controls documentation; UseHttpsCallbackUrlConnectedApp relates to ensuring secure HTTPS endpoints; and ProtectSensitiveData directly connects to the FAQ's emphasis on documenting sensitive data handling. The FAQ's focus on 'authentication, authorization, and security controls' in the architecture diagram requirement directly relates to ApexInsecureEndpoint concerns. The 'sensitive data processed or stored' requirement directly connects to ProtectSensitiveData rule purposes. The security controls documentation implicitly covers proper credential management practices addressed by the credential-related rules.