FAQ-001271 - OEM Embedded Org Security / Package Installation and Security Reviews


Current FAQ

Question
What are the security review implications of installing other AppExchange packages into an OEM embedded org?
Answer
Installing other AppExchange packages into an OEM embedded org may have security review implications. If the installed packages include remote site settings or other components that interact with external systems, they would fall under the scope of a security review. Additionally, any extension packages or integrations must also pass the security review process, as even small packages can introduce vulnerabilities. It is important to ensure that all packages, including those already reviewed, are tested and compliant with Salesforce's security guidelines.

AI Recommended Enhancement

Related Security Rules
AvoidInsecureHttpRemoteSiteSetting
AvoidDisableProtocolSecurityRemoteSiteSetting
Question
What are the security review implications of installing other AppExchange packages into an OEM embedded org?
Recommended Answer Update
Installing other AppExchange packages into an OEM embedded org may have security review implications. If the installed packages include remote site settings or other components that interact with external systems, they would fall under the scope of a security review. Additionally, any extension packages or integrations must also pass the security review process, as even small packages can introduce vulnerabilities. It's important to ensure that all packages, including those already reviewed, are tested and compliant with Salesforce's security guidelines.
Reasoning
The original answer is accurate and comprehensive but contains one minor language improvement opportunity. The phrase "It is important" can be simplified to "It's important" to match the conversational tone guidelines and use contractions as specified in the brand and tone guide. This makes the text more approachable while maintaining all the original content and technical accuracy.

Regarding the security rules selected:

1. **AvoidInsecureHttpRemoteSiteSetting** - This rule is directly relevant because the FAQ specifically mentions "remote site settings" as components that fall under security review scope when installing packages. This rule helps ensure remote site settings use secure HTTPS protocols, which is a key security concern when packages interact with external systems as described in the FAQ.
2. **AvoidDisableProtocolSecurityRemoteSiteSetting** - This rule is also directly applicable because it relates to remote site settings security, which the FAQ explicitly identifies as a security review concern. The FAQ states that packages with "remote site settings or other components that interact with external systems" fall under security review scope, and this rule ensures protocol security isn't disabled in those remote site settings.
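
The two conditions these rules describe can be checked directly against a package's remote site setting metadata before it is installed into the org. The Python below is an example added here, not the implementation of those rules or any Salesforce tooling; it assumes the standard `.remoteSite-meta.xml` source format, and the file names and URLs are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"sf": "http://soap.sforce.com/2006/04/metadata"}  # Salesforce metadata namespace

# Constructed sample files; names and URLs are made up for illustration.
SAMPLES = {
    "LegacyApi.remoteSite-meta.xml": """<?xml version="1.0" encoding="UTF-8"?>
<RemoteSiteSetting xmlns="http://soap.sforce.com/2006/04/metadata">
    <disableProtocolSecurity>true</disableProtocolSecurity>
    <isActive>true</isActive>
    <url>http://api.example.com</url>
</RemoteSiteSetting>""",
    "Billing.remoteSite-meta.xml": """<?xml version="1.0" encoding="UTF-8"?>
<RemoteSiteSetting xmlns="http://soap.sforce.com/2006/04/metadata">
    <disableProtocolSecurity>false</disableProtocolSecurity>
    <isActive>true</isActive>
    <url>https://billing.example.com</url>
</RemoteSiteSetting>""",
}


def check_remote_site(xml_text):
    """Return the rule names (as listed on this page) that one setting trips."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    url = (root.findtext("sf:url", default="", namespaces=NS) or "").strip()
    disabled = (root.findtext("sf:disableProtocolSecurity", default="false",
                              namespaces=NS) or "").strip().lower()
    findings = []
    if url.lower().startswith("http://"):      # plain HTTP endpoint
        findings.append("AvoidInsecureHttpRemoteSiteSetting")
    if disabled == "true":                     # protocol security switched off
        findings.append("AvoidDisableProtocolSecurityRemoteSiteSetting")
    return findings


def scan(files):
    """Map each file name to its findings, keeping only files with at least one."""
    report = {}
    for name, text in files.items():
        hits = check_remote_site(text)
        if hits:
            report[name] = hits
    return report


if __name__ == "__main__":
    for name, hits in scan(SAMPLES).items():
        print(f"{name}: {', '.join(hits)}")
```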