Baseline version 2.0

Australia Platform security

Release

australia

ft:locale

ja-JP

ft:publication_title

Australia Platform security

ft:clusterId

psec

bundleId

psec

workflow

Platform

New hardening settings for baseline version 2.0

リリースバージョン: Australia

更新日 2026年03月12日

所要時間：5分

New hardening settings have been released with Security Center baseline version 2.0.

Ensure archive table ACLs are checked [New in Security Center 1.3 and updated in 1.5]
Enforce application scope restrictions [New in Security Center 1.3 and removed in 1.5]
Enable the hardened java security manager [New in Security Center 1.3]
Verify certificate revocation [New in Security Center 1.3]
Require clearing pasteboard when backgrounding mobile application [New in Security Center 1.3 and updated in 1.5]
Enable protected tables plugin [New in Security Center 1.3]
Enforce strict elevate privilege [New in Security Center 1.3]
Limit integrations' active session life span [New in Security Center 1.3]
Proactively Invalidate Sessions After Defined Durations
Enable MID audit log [New in Security Center 1.3 and updated in 1.5]
Use of secure insert multiple operation within import set API [New in Security Center 1.3]
Enforce OCSP check on network error [New in Security Center 1.3 and updated in 2.0]
Enforce security rules to sharing dashboards [New in Security Center 1.3]
Restrict oauth parameters to POST body [New in Security Center 1.3]
Limit attachment size in training and prediction flows for GraphQL endpoints [New in Security Center 1.3 and updated in 1.5]
Disable GlideRecord Scope Fencing Legacy Behavior [New in Security Center 1.3 and updated in 1.5 and 2.0]
Required jms connection factories [New in Security Center 1.3 and updated in 1.5 and 2.0]
Limit attachment size in training and prediction flows [New in Security Center 1.3 and updated in 1.5]
Log session audit events [New in Security Center 1.3 and updated in 1.5]
Require write access to access service catalog add item page [New in Security Center 1.3]
Define active session timeout exception roles [New in Security Center 1.3]
Certificate based authentication not enforced [New in Security Center 1.3]
Enforce scoped ACL access for information request playbooks [New in Security Center 1.3 and updated in 1.5]
Hide user comments on articles [New in Security Center 1.3]
Ensure dashboards creation/deletion requires access check [New in Security Center 1.3 and updated in 2.0]
Enforce device encryption and passcode requirements [New in Security Center 1.3]
Validate file mime type in AttachmentCreator soap web service [New in Security Center 1.3 and updated in 1.5]
Verify certificate revocation [New in Security Center 1.3]
Check impersonation on ACL evaluation in HR App [New in Security Center 1.3 and updated in 1.5]
Require captcha for guest walk-up experience in customer service application [New in Security Center 1.3 and updated in 1.5]
Require Authentication on Event Management HTTP Processor [New in Security Center 1.3, Updated in 1.5, and removed in 2.0]
Limit guest's active session life span [New in Security Center 1.3]
Disallow target cloning [New in Security Center 1.3]
Set safe content security policy for svg files [New in Security Center 1.3]
Anti-CSRF token validation time [New in Security Center 1.3]
Restrict knowledge bases access [New in Security Center 1.3]
Enforce scope security for public sector digital services [New in Security Center 1.3]
Restrict HR case updates from personal emails [New in Security Center 1.3 and updated in 1.5]
Limit UI active session life span [New in Security Center 1.3]
Enforce secure referrer policy [New in Security Center 1.3]