FAQ-001233 - Marketing Cloud Security / Security Review Process

The security review process for AppExchange apps that extend Marketing Cloud has specific requirements: - A Developer Edition org and solution documentation are not required. - You must provide credentials to the Marketing Cloud environment. - The app must be provisioned for all platforms it will be distributed on (e.g., test flight or ad hoc deployment for iOS, or an Android Packaging (.apk) file for Android). - The review team focuses on secure handling of Salesforce credentials and data, especially for external components and integrations.

The existing FAQ content is accurate and well-structured. No outdated content was detected as the procedural requirements for Marketing Cloud apps remain current. The content appropriately emphasizes the unique aspects of Marketing Cloud security reviews compared to standard Salesforce apps. The security rules I selected relate directly to the FAQ's emphasis on 'secure handling of Salesforce credentials and data': - AvoidHardcodedCredentialsInFieldDecls: Relates to the FAQ's mention of providing and securely handling Marketing Cloud credentials, as apps must avoid hardcoding credentials in field declarations - AvoidHardcodedCredentialsInVarDecls: Connects to credential security practices mentioned in the FAQ, ensuring credentials aren't hardcoded in variable declarations - AvoidHardcodedCredentialsInVarAssign: Addresses secure credential handling by preventing hardcoded credentials in variable assignments - AvoidHardcodedCredentialsInHttpHeader: Directly relevant to the FAQ's focus on external integrations and secure credential handling in HTTP communications - ApexSuggestUsingNamedCred: Supports the FAQ's emphasis on secure credential handling by promoting the use of Named Credentials for external integrations - ProtectSensitiveData: Broadly applicable to the FAQ's mention of 'secure handling of Salesforce credentials and data' in Marketing Cloud environments