sf-agent-framework
AI Agent Orchestration Framework for Salesforce Development - Two-phase architecture with 70% context reduction
# Security Audit Task
This task guides comprehensive security audits of Salesforce implementations to
identify vulnerabilities and ensure compliance.
## Purpose
Enable security officers to:
- Assess security posture
- Identify vulnerabilities
- Ensure compliance
- Document findings
- Provide remediation guidance
## Audit Framework
### 1. Access Control Audit
**User Access Review**
```yaml
User Analysis:
  Active Users:
    - Total count
    - Last login dates
    - License utilization
    - Inactive users
  Privileged Users:
    - System Administrators
    - Users with Modify All Data
    - API-only users
    - Integration users
Permission Analysis:
  Profiles:
    - Number of custom profiles
    - High-risk permissions
    - Unused profiles
  Permission Sets:
    - Assignment count
    - Privileged permissions
    - Redundant sets
```
### 2. Data Security Audit
**Field-Level Security**
```yaml
Sensitive Fields:
  - SSN fields
  - Credit card data
  - Personal information
  - Financial data
Encryption Status:
  - Shield encryption enabled
  - Encrypted fields
  - Encryption keys
  - At-rest encryption
```
### 3. Sharing Model Review
**Organization-Wide Defaults**
```yaml
Object Settings:
  Account: Private/Public Read/Public Read-Write
  Contact: Controlled by Parent
  Opportunity: Private
  Custom Objects: [Review each]
Sharing Rules:
  - Criteria-based rules
  - Ownership-based rules
  - Manual shares
  - Apex sharing
```
## Security Checklist
### Authentication
- [ ] MFA enabled for all users
- [ ] SSO configured properly
- [ ] Password policies enforced
- [ ] Session settings appropriate
- [ ] Login IP restrictions
### Authorization
- [ ] Least privilege implemented
- [ ] No excessive permissions
- [ ] Regular access reviews
- [ ] Segregation of duties
### Data Protection
- [ ] Sensitive data encrypted
- [ ] Data classification complete
- [ ] Export controls in place
- [ ] Backup strategy defined
### Monitoring
- [ ] Event monitoring enabled
- [ ] Login forensics active
- [ ] Transaction security policies
- [ ] Audit trail retention
## Vulnerability Assessment
### Common Vulnerabilities
**SOQL Injection**
```apex
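// Vulnerable: user input is concatenated into the query string
String unsafeQuery = 'SELECT Id FROM Account WHERE Name = \'' + userInput + '\'';
// Secure: the bind variable is resolved when the query runs, not spliced into the string
String safeQuery = 'SELECT Id FROM Account WHERE Name = :userInput';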
```
**Cross-Site Scripting**
```html
<!-- Vulnerable: output is rendered without HTML escaping -->
<apex:outputText value="{!userInput}" escape="false"/>
<!-- Secure: output is HTML-escaped -->
<apex:outputText value="{!userInput}" escape="true"/>
```
**Access Control**
```apex
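// Vulnerable: runs without enforcing the running user's sharing rules
public without sharing class MyClass {
}

// Secure: enforces the running user's sharing rules
public with sharing class MyClass {
    // Illustrative method; place the check wherever the class reads Account data
    public void checkAccess() {
        // Also check CRUD/FLS
        if (!Schema.sObjectType.Account.isAccessible()) {
            throw new SecurityException();
        }
    }
}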
```
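A line-based static check for the three vulnerable patterns shown above, added here as an example and not part of the framework's own code. The regexes, file names and sample sources are constructed assumptions, and the check is a heuristic first pass for the audit, not a replacement for code review.

```python
import re

# Heuristic, line-based rules for the three patterns shown above. The regexes
# are assumptions of this example; multi-line concatenation is not detected.
RULES = [
    ("SOQL Injection", re.compile(
        r"'\s*SELECT\b.*?'\s*\+\s*(?!String\.escapeSingleQuotes\b)[A-Za-z_]\w*", re.I)),
    ("Cross-Site Scripting", re.compile(
        r"<apex:\w+[^>]*\bescape\s*=\s*[\"']false[\"']", re.I)),
    ("Access Control", re.compile(r"\bwithout\s+sharing\s+class\s+\w+", re.I)),
]

def scan(sources):
    """Return sorted (file, line, rule) findings for a {filename: text} mapping."""
    findings = []
    for name, text in sources.items():
        for number, line in enumerate(text.splitlines(), start=1):
            if line.strip().startswith(("//", "<!--")):
                continue  # comment-only lines are not live code
            findings += [(name, number, rule) for rule, rx in RULES if rx.search(line)]
    return sorted(findings)

# Constructed sample sources (hypothetical file names), not taken from any real org.
SAMPLE_SOURCES = {
    "AccountSearch.cls": r"""public without sharing class AccountSearch {
    public List<Account> find(String userInput) {
        String q = 'SELECT Id FROM Account WHERE Name = \'' + userInput + '\'';
        return Database.query(q);
    }
}
""",
    "SafeSearch.cls": r"""public with sharing class SafeSearch {
    public List<Account> find(String userInput) {
        // String q = 'SELECT Id FROM Account WHERE Name = \'' + userInput + '\'';
        String q = 'SELECT Id FROM Account WHERE Name = \'' + String.escapeSingleQuotes(userInput) + '\'';
        return Database.query(q);
    }
}
""",
    "Search.page": r"""<apex:page controller="AccountSearch">
    <apex:outputText value="{!userInput}" escape="false"/>
    <apex:outputText value="{!userInput}" escape="true"/>
</apex:page>
""",
}

if __name__ == "__main__":
    for finding in scan(SAMPLE_SOURCES):
        print(finding)
```

Each finding still needs manual confirmation before it goes into the report as evidence, since a line-based match cannot tell whether the concatenated value is actually user-controlled.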
## Compliance Verification
### GDPR Compliance
- [ ] Data subject rights implemented
- [ ] Consent management
- [ ] Data retention policies
- [ ] Right to be forgotten
- [ ] Data portability
### HIPAA Compliance
- [ ] PHI encryption
- [ ] Access controls
- [ ] Audit logging
- [ ] Business Associate Agreements
### SOX Compliance
- [ ] Financial data controls
- [ ] Change management
- [ ] Segregation of duties
- [ ] Audit trails
## Remediation Planning
### Risk Prioritization
```yaml
Critical (Fix Immediately):
  - No MFA enabled
  - Excessive admin users
  - Unencrypted sensitive data
  - SOQL injection vulnerabilities
High (Fix within 7 days):
  - Weak password policies
  - Overly permissive sharing
  - Missing field encryption
  - No session timeout
Medium (Fix within 30 days):
  - Unused permissions
  - Legacy code issues
  - Incomplete logging
  - Missing documentation
Low (Fix next release):
  - Minor policy updates
  - Documentation gaps
  - Training needs
```
## Audit Report Template
```markdown
# Salesforce Security Audit Report
## Executive Summary
- Audit Date: [Date]
- Auditor: [Name]
- Overall Risk Level: [Critical/High/Medium/Low]
- Key Findings: [Number] issues identified
## Critical Findings
1. **[Issue Name]**
   - Risk: [Description]
   - Impact: [Business impact]
   - Recommendation: [Action required]
   - Timeline: Immediate
## Detailed Findings
### Access Control
- Finding: [Details]
- Evidence: [Screenshots/queries]
- Recommendation: [Specific steps]
### Data Security
- Finding: [Details]
- Evidence: [Configuration]
- Recommendation: [Actions]
## Recommendations Summary
1. Immediate Actions (0-7 days)
2. Short-term (7-30 days)
3. Long-term (30+ days)
## Appendices
- A: User permission matrix
- B: Security configuration
- C: Compliance mapping
```
## Success Criteria
- ✅ All areas audited
- ✅ Vulnerabilities identified
- ✅ Risk levels assigned
- ✅ Remediation plan created
- ✅ Report delivered
- ✅ Stakeholders briefed
- ✅ Follow-up scheduled