Security Audit Checklist for FileMaker Solutions

Intermediate

A structured checklist to assess the security posture of any FileMaker solution before go-live or as a periodic review.

What you'll learn

  • The critical items on a FileMaker security audit checklist
  • Account and privilege set checks
  • Network and server configuration checks
  • Data protection and logging checks

A pre-go-live security audit is a systematic check that covers the most common failure points in FileMaker security. Running this checklist -- or a version of it customized for your organization -- before deploying any solution ensures basic hygiene before it enters production.

1/4
1

Account checks

Verify: (1) Guest account is disabled unless intentionally enabled. (2) No staff have [Full Access]. (3) Every active account has a strong password. (4) No default or blank passwords. (5) Service accounts have minimal privilege sets with only the required extended privileges. (6) Former employees have no active accounts.

TEXT
// Account audit items:
[ ] Guest account disabled
[ ] No staff accounts with [Full Access]
[ ] All passwords >= 12 characters
[ ] No blank or default passwords (admin/admin, etc.)
[ ] Service accounts: minimal privilege sets, fmrest only
[ ] Departed employees: accounts disabled
Incident Response for FileMaker Security EventsKiosk Mode Security

Sign in to track your progress and pick up where you left off.

Sign in to FM Dojo