Attachment Encryption

Tanmay14
Tera Contributor

Hi,

 

When uploading an attachment, when prompted to encrypt or not we are presented with 2 options.

  • Current encryption context
    • Cm_security incident encryption context AES-128
    • Security_incident_crypto AES-256

I would like to understand the relevance to the security incident when trying to upload an attachment on a form that will ultimately create an RITM not a Security Incident

When I look at Native UI I am presented with this:

Tanmay14_0-1699949457225.png

 

  • If you look at the content on the right, we can see that I am operating in the Global Application Scope, I am currently in the Default update and I am assuming using the Crypto module: cm_security incident…
  • Where has this module come from? What purpose does it serve? Does this truly have relevance to Security Incident but applied across the platform?
    • My understanding is that if an attachment is uploaded as encrypted, surely everyone (internally) should be able to see the attachment (encrypted or not). But this is not the case, only certain users can see the attachment. Is this based on some role?
    • This is how I understand it:       
      • The Paris release of ServiceNow moved us from this (Service Portal):
        Tanmay14_1-1699949457225.png
        to this:
        Tanmay14_2-1699949457225.png

         


        When and why did this come into effect:
        Tanmay14_3-1699949457225.png

Any information that you can provide will be most helpful.

Thanks

 

0 REPLIES 0