Claris FileMaker Security Guide: Best Practices for Configuring Security Options

Comply with regulatory requirements

It is your responsibility to fully understand your security compliance requirements and take the appropriate steps.

In addition to the guidelines outlined in this document, depending on your internal or regulatory requirements (COBIT, HIPAA, ISO, PCI, NIST, FIPS, and so on), there may be additional steps you need to take.

If you need to encrypt all network traffic, turn on SSL in FileMaker Server and then configure SSL for applications and external servers that communicate with FileMaker Server or FileMaker Cloud.
If you have minimum password standards, use an external authentication server.
If you need an audit trail, you can build one with FileMaker Pro using tables and scripts. For more complex requirements, consider using a commercially available audit plug-in.
Windows: Because FileMaker Server depends on Windows for managing SSL, install the latest Windows security updates.