https://www.servicenow.com/community/community-central-forum/i-have-several-questions-regarding-the-encryption-module/m-p/3402381#M5044 <P>I have several questions regarding the encryption module.</P><P>&nbsp;</P><P>1. Considering that the selected encryption algorithm or key length may become compromised in the future, is it possible to configure ServiceNow to allow for the replacement of cryptographic modules?<BR />Additionally, is it possible to standardize the application interfaces for cryptographic modules in advance?</P><P>&nbsp;</P><P>2.Can we switch to another secure cipher immediately when the current one becomes unusable?<BR />Also, since vulnerabilities can arise depending on how the cipher is used (e.g., operating mode), is it possible to select a secure combination (e.g., algorithm + mode + key length)?</P><P>&nbsp;</P><P>3.Is the ServiceNow cryptographic module certified based on ISO/IEC 19790?</P><P>&nbsp;</P><P>4.The critical private keys used for decrypting encrypted data and performing digital signatures must be stored in tamper-resistant cryptographic modules to protect them from unauthorized tampering or access.<BR />To what extent is ServiceNow's tamper resistance guaranteed?</P> Fri, 10 Oct 2025 02:45:21 GMT SotaT 2025-10-10T02:45:21Z https://www.servicenow.com/community/community-central-forum/i-have-several-questions-regarding-the-encryption-module/m-p/3402381#M5044 <P>I have several questions regarding the encryption module.</P><P>&nbsp;</P><P>1. Considering that the selected encryption algorithm or key length may become compromised in the future, is it possible to configure ServiceNow to allow for the replacement of cryptographic modules?<BR />Additionally, is it possible to standardize the application interfaces for cryptographic modules in advance?</P><P>&nbsp;</P><P>2.Can we switch to another secure cipher immediately when the current one becomes unusable?<BR />Also, since vulnerabilities can arise depending on how the cipher is used (e.g., operating mode), is it possible to select a secure combination (e.g., algorithm + mode + key length)?</P><P>&nbsp;</P><P>3.Is the ServiceNow cryptographic module certified based on ISO/IEC 19790?</P><P>&nbsp;</P><P>4.The critical private keys used for decrypting encrypted data and performing digital signatures must be stored in tamper-resistant cryptographic modules to protect them from unauthorized tampering or access.<BR />To what extent is ServiceNow's tamper resistance guaranteed?</P> Fri, 10 Oct 2025 02:45:21 GMT https://www.servicenow.com/community/community-central-forum/i-have-several-questions-regarding-the-encryption-module/m-p/3402381#M5044 SotaT 2025-10-10T02:45:21Z https://www.servicenow.com/community/community-central-forum/i-have-several-questions-regarding-the-encryption-module/m-p/3409742#M5161 <P>Great questions—this boils down to algorithm agility, certified, and key custody. In practice I’d aim for: AES-256 with AEAD (GCM), strict mode/config baselines, short rotation windows, and re-encryption workflows to swap ciphers. Keep private keys in an HSM or external KMS (KMIP/PKCS#11), and audit via the ServiceNow Trust site. For ISO/IEC 19790/FIPS 140-3 specifics, open a Now Support ticket with Security/Edge Encryption.</P> Tue, 21 Oct 2025 21:00:35 GMT https://www.servicenow.com/community/community-central-forum/i-have-several-questions-regarding-the-encryption-module/m-p/3409742#M5161 stevemarkovick 2025-10-21T21:00:35Z