Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.

Gather security requirements and enable controls

Log in to subscribe to topics and get notified when content changes.

Gather security requirements and enable controls

Use the Top Recommendations questionnaire to determine the security risk tolerance of your organization. With this questionnaire, you can gather security requirements for your company and harden the security controls in each selected category. Its use ensures that your instance complies with the published security hardening standards and your company's security requirements.

Before you begin

Refer to the ServiceNow Instance Hardening [KB0550654] article in the HI Knowledge Base for descriptions of every security-related system property in the Now Platform, with suggested compliance values for each.

Before you update each system setting, review the Instance Hardening Guide and talk with your security experts to understand the potential impacts of activating each proposed security setting.

Role required: security_dashboard_user or admin

Note: If you have an admin role, you can view and edit security controls. If you have a security_dashboard_user role, you can view security controls, but you cannot edit them.

About this task

The Top Recommendations questionnaire includes only a selected subset of the most important security controls available for the Now Platform. To harden the remaining non-compliant security settings, use the Hardening Configuration page. For more information, see Adjust instance security settings to increase compliance.
Note: It's important that you check the Hardening Configuration page regularly to see if there are any pending actions that you are required to do to maintain security compliance. This page also shows any changes that you made to correct any non-compliance. If all selected security settings are in compliance, you see a message that states that no further actions are needed.

Procedure

  1. Navigate to System Security > Instance Security Center.
  2. Click the Top Recommendations tile.
  3. To configure the security control settings in a section, move the slider to the right.
    To disable a section, move the slider to the left.
  4. To expand a section and view its associated security controls, click the down arrow key.
  5. Update the security controls that you want to change by using the suggested security setting guidelines that are in the ServiceNow Instance Hardening [KB0550654] article in the HI Knowledge Base.
  6. To perform data validations after you configure your selected security settings, click Activate.
    1. If no errors are detected, the Recommended Controls pop-up window appears.
    2. If invalid or out-of-range security entries are detected, error messages appear next to each field that has a problem. Correct each entry and click Activate. Repeat this cycle until no further errors are detected and the Recommended Controls pop-up window appears.
  7. In the Recommended Controls pop-up window, select one of the following options:
    OptionDescription
    Review Expands each of the security sections again so that you can perform a final review and change security entries before you activate them.
    Activate Applies and implements the security setting updates in your instance. A confirmation message appears when you have successfully activated the security settings.
    Note: Select this option only after you have thoroughly reviewed your security settings and are satisfied with them.

Result

The Daily Compliance score increases or decreases depending on the changes that you make to the system security settings.
Feedback