System security

Security is built into all levels of the system. Implement the security features that are appropriate for your organization, from managing failed logins and encrypted password protection, to access control rules and audit logs.

Feature Description Status Top Tasks
Instance security dashboard and settings

Use the Instance Security dashboard to gain awareness of security level controls, educate with security resources, and take steps to configure and maintain application security standards.

Active
Access control list rules

Rules for access control lists (ACLs) restrict access to data by requiring users to pass a set of requirements before they can interact with it.

Active
Elevated privilege roles Elevated privilege roles require a user to manually accept the responsibility of using the role before the user can access the features of the role. Active
Login and authentication security Configure login security options to control access to your instance. Active
Certificates

Your instance requires certificates to establish secure connections and validate signatures.

Requires configuration before use

Active
Web service security Enforce security using basic authentication, mutual authentication, or WS-Security. Active
HTML sanitizer Remove unwanted code and protect against security concerns such as cross-site scripting attacks by sanitizing HTML markup in HTML fields and translated HTML fields. Active
Auditing Track record changes on auditing-enabled tables. By default, the system only tracks changes to the incident, change, and problem tables. Active
Domain separation Separate data, processes, and administrative tasks into logically defined domains. Requires a separate subscription.
Virtual Private Network (VPN) Use a virtual private network (VPN to integrate your instance with external data sources over the Internet. Available by request from ServiceNow personnel.
Encryption support

Use encryption contexts to allow or deny access to sensitive data based on user role.

Requires configuration before use.

Active
ServiceNow® Edge Encryption ServiceNow® Edge Encryption encrypts sensitive data on your company premises before sending it over the Internet to your ServiceNow instance (encrypted in flight) where it remains encrypted at rest. Requires a separate subscription.
System logs View warnings and errors for instance processes, records, and non-critical events, such as memory usage on the server machine. Active