System security

Security is built into all levels of the system. Implement the security features that are appropriate for your organization, from managing failed logins and encrypted password protection, to access control rules and audit logs.

Feature Description Status Top Tasks
High Security Settings

High Security Settings refer to several security options available in your instance.

Active
Certificates

Your instance requires certificates to establish secure connections and validate signatures.

Requires configuration before use

Active
Login and authentication security Configure login security options to control access to your instance. Active
Web service security Enforce security using basic authentication, mutual authentication, or WS-Security. Active
Access control list rules

Rules for access control lists (ACLs) restrict access to data by requiring users to pass a set of requirements before they can interact with it.

Active
Encryption support

Use encryption contexts to allow or deny access to sensitive data based on user role.

Requires configuration before use.

Active
HTML sanitizer Remove unwanted code and protect against security concerns such as cross-site scripting attacks by sanitizing HTML markup in HTML fields and translated HTML fields. Active
Auditing Track record changes on auditing-enabled tables. By default, the system only tracks changes to the incident, change, and problem tables. Active
System logs View warnings and errors for instance processes, records, and non-critical events, such as memory usage on the server machine. Active
Domain separation Separate data, processes, and administrative tasks into logically defined domains. Requires a separate subscription.
Virtual Private Network (VPN) Use a virtual private network (VPN to integrate your instance with external data sources over the Internet. Available by request from ServiceNow personnel.
Edge Encryption ServiceNow® Edge Encryption encrypts sensitive data on your company premises before sending it over the Internet to your ServiceNow instance (encrypted in flight) where it remains encrypted at rest. Requires a separate subscription.