Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.

System security

Log in to subscribe to topics and get notified when content changes.

System security

Security is built into all levels of the system. Implement the security features that are appropriate for your organization, from managing failed logins and encrypted password protection, to access control rules and audit logs.

Feature Description Status Top Tasks
Instance security dashboard and settings

Use the Instance Security dashboard to gain awareness of security level controls, educate with security resources, and take steps to configure and maintain application security standards.

Access control list rules

Rules for access control lists (ACLs) restrict access to data by requiring users to pass a set of requirements before they can interact with it.

Elevated privilege roles Elevated privilege roles require a user to manually accept the responsibility of using the role before the user can access the features of the role. Active
Login and authentication security Configure login security options to control access to your instance. Active

Your instance requires certificates to establish secure connections and validate signatures.

Requires configuration before use

Web service security Enforce security using basic authentication, mutual authentication, or WS-Security. Active
HTML sanitizer Remove unwanted code and protect against security concerns such as cross-site scripting attacks by sanitizing HTML markup in HTML fields and translated HTML fields. Active
Auditing Track record changes on auditing-enabled tables. By default, the system only tracks changes to the incident, change, and problem tables. Active
Domain separation The separation of data, administrative tasks, processes or reporting into logically defined domains is known as domain separation. A domain can be entities, customers, or sub-organizations. By default, members of one domain only see the data contained within their domain or the child domains that are lower in the domain hierarchy. Requires a separate subscription.
Virtual Private Network (VPN) Use a virtual private network (VPN to integrate your instance with external data sources over the Internet. Available by request from ServiceNow personnel.
Encryption support

Use encryption contexts to allow or deny access to sensitive data based on user role.

Requires configuration before use.

ServiceNow® Edge Encryption ServiceNow® Edge Encryption encrypts sensitive data on your company premises before sending it over the Internet to your ServiceNow instance (encrypted in flight) where it remains encrypted at rest. Requires a separate subscription.
System logs View warnings and errors for instance processes, records, and non-critical events, such as memory usage on the server machine. Active