Security Center Hardening process

PaulD23
Tera Contributor

Hello folks,

I've recently been tasked with addressing non-compliant hardening settings to bring as many of them into compliance as possible. Does anyone know the correct process for setting these parameters? Should these changes be applied separately in each non-production and production instance, or should the settings be moved to higher instances via update sets?

Thank you.

3 REPLIES

Paul Curwen
Giga Sage

Hi,

Any Security Hardening Settings should first be made in sub-production instances and thoroughly tested to ensure they do not cause issues.

You can check them all out using this: https://docs.servicenow.com/bundle/xanadu-platform-security/page/administer/security-center/concept/...

You can perform the process under Security Center > Hardening; the trick is to decide on an acceptable Score, e.g. 90%, and continually monitor and maintain to keep that score. Prioritize your Hardening Settings and implement one at a time until you achieve your desired hardening level. Not all recommended Hardening Settings may be compatible or desirable for your business, so you need to review each and decide if they are right for your risk/benefit appetite.

There is a great Best Practice article here that covers all things Security related:

https://www.servicenow.com/content/dam/servicenow-assets/public/en-us/doc-type/success/playbook/inst...

***If Correct/Helpful please take time to mark as Correct/Helpful. It is much appreciated.***

Regards

Paul

Community Alums
Not applicable

Hi,

I've opened an Idea regarding some of these controls, to be able to mark them as non-applicable based on your organization's security posture. So, make sure to upvote it.

Best regards,

Lori