Acumatica Cloud ERP Security Best Practices Guide

This guide outlines best practices for security and access control within the Acumatica Cloud ERP solution. It is intended for Acumatica customers and VAR partners involved in managing access and ensuring security. The document is structured into three main sections: Password Policy and Expiration, Role-Based Access Control, and Addressing Exposure and Vulnerabilities. The first section details recommended password policies, including settings for password length, complexity, and account lockout procedures. It emphasizes the importance of multi-factor authentication and regular monitoring of login activity. The second section describes the role-based security model, advocating for the principle of least privilege and the creation of task-based roles. It also stresses the need for regular access reviews and immediate offboarding of users who leave the organization. The final section addresses how to respond to security exposures, outlining immediate, short-term, and long-term actions to mitigate vulnerabilities and improve security processes.