Security Insight - Security Center Extension (Add-On) Control
The detailed insight lenses display a set of scores. The scores are based on the risk rating for each security insight and finding, and they help in prioritizing what comes first in remediation activities.
Control Name
Security Insight - Security Center Extension (Add-On)
Control Overview
Automated scoring and risk-prioritized insights on Salesforce security posture that help identify misconfigurations, excessive access, and gaps against best practices and policies.
Description
Uses Security Center Extension’s Security Insights to evaluate org configuration, data classification, and access settings, then assigns scores and qualitative risk ratings to highlight key risks and remediation priorities.
Recommended Configuration
Define qualitative risk ratings and threshold scores for each Insight, align them with your company’s risk tolerance, and set a target score for each lens or Insight category.
Security Impact
Improves visibility into misconfigurations and over-privileged access, reduces the likelihood of data exposure or policy violations, and supports maintaining a least privilege and compliant security posture.
Business Impact
Reduces audit and breach-response effort, supports regulatory reporting, and enables more efficient prioritization of remediation and security tech-debt work, lowering overall operational and compliance risk.
Security Risk If Not Configured
Missing qualitative risk ratings for data insights, inconsistent risk prioritization, and reduced ability to detect and focus on high-risk misconfigurations or access patterns.
Threat Scenarios
Misconfigured or absent data classification fails to identify and protect sensitive data, allowing unauthorized access to critical information.
Estimated CVSS Score Range
High (7.0–8.9).
Risk Impact Considerations
Risk increases when visibility into misconfigurations and excessive access is limited, which could affect overall security posture.
Higher Risk When
Org stores highly sensitive or regulated data, has many admins or integrations, limited manual security review processes, or frequent configuration changes without strong change management.
Low Risk When
Org holds only low-sensitivity data, has simple and tightly controlled access models, strong independent security monitoring, and minimal configuration or integration change velocity. Org already has a strong Health Check Score, completes ATHRs and Security Health Review Reports, and has addressed findings.
Business and Integration Considerations
Strongly recommended. Integrate Security Insights outputs into existing risk registers, SIEM or GRC workflows, and security operations processes for tracking remediation.
Security Health Review Guidance
Strongly recommended.

