Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.

Instance Security Dashboard

Log in to subscribe to topics and get notified when content changes.

Instance Security Dashboard

If you do not have the Performance Analytics - Premium plugin installed and activated, use the Instance Security Dashboard to gain awareness of security controls, educate yourself about security resources, and take steps to configure and maintain application security standards within your instance and your applications.

If you do not already have the Performance Analytics - Premium plugin installed and activated, follow the procedure described in Get licensed Performance Analytics.
Caution: To ensure that your dashboard receives up-to-date security information with every upgrade, do not customize the Instance Security Dashboard. Test all changes to security settings before implementing them in a production environment.
Do one of the following to access the Instance Security Dashboard:
  • Navigate to System Security > Instance Security Dashboard.
  • Go to the System Administration home page, click the System Security tile, and then click Instance Security Dashboard.
Note: The Instance Security Dashboard, introduced in Jakarta, has been deprecated. The Instance Security Dashboard (PA) is an enhanced version of the Instance Security Dashboard that uses the Performance Analytics framework. The daily compliance score that appears in the Instance Security Dashboard (PA) differs from the score in the earlier, now deprecated, Instance Security Dashboard. Each of these dashboards uses differing calculation methods for their respective scores, with the Instance Security Dashboard (PA) being the more reliable and accurate of the two.

On the Instance Security Dashboard, you can view the security compliance score for your instance, learn more about recommended settings, and configure system properties from the following categories:

Input Validation
Ensure the application is robust against all forms of input data, whether obtained from the user, infrastructure, external entity, or database system.
Access Controls
Restrict user accounts to control resources on the instance.
Apply authorization controls to the application.
Configure credential and password requirements.
Apply restrictions on all the attachments uploaded, downloaded, and managed on the instance.
Session Management
Ensure that cookies and other session-related information are securely managed.
Security Best Practices
Apply best practices to increase the effectiveness of base system security measures on the instance.
Secure Communications
Ensure that confidentiality and integrity are achieved through SSL certificates and associated metadata.
Security Whitelisting
Enforce security on unauthorized content.
Email Security
Apply inbound email configurations for additional security over the default configurations.
Apply logging and auditing strategies so that suspicious activity is identified and acted upon in a timely manner.
Note: Some settings require the security_admin role to configure. The Instance Security Dashboard can only be modified in the global scope.

You can return to the Instance Security Dashboard at any time to adjust your settings and manage the overall security health of your instance. The dashboard is automatically updated based on the properties set on your instance. The Instance Security dashboard generates a compliance score based on guidelines in the ServiceNow instance hardening customer security document.

Instance security dashboard

Note: The Failed login attempts Today dashboard item displays only local logins. Failed SAML logins are not displayed.