Security Best Practices

  • Release version: Yokohama
  • Updated January 30, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Security Best Practices

    The Security Best Practices feature in ServiceNow helps you implement privacy and security configurations on your instance to improve your overall security posture. It provides a structured approach with step-by-step instructions, progress tracking, and management tools that align with your organization’s security goals.

    Show full answer Show less

    This feature is designed to guide you through best practices categorized by maturity levels and priorities, enabling systematic enhancement of your security stance.

    Key Features

    • Home Page Dashboard: Visualizes your progress with graphs showing completed best practices overall and by maturity level. It allows filtering to focus on specific maturity phases such as “Build a foundation” for initial low-impact security improvements.
    • Security Best Practices Table: Organizes best practices with key fields such as name, maturity level (Build a foundation, Enhance the experience, Optimize functionality, Add advanced features), status (Open, In progress, Completed), priority (Immediate, Later, Not applicable), and associated security goals (e.g., access control, encryption, monitoring).
    • Details Page: Access detailed information about each best practice, including priority settings, implementation progress, release history, and related documentation links. Buttons enable marking practices as complete or reopening them and creating Security Tasks to assign or track work.
    • Task Steps Tab: Provides clear, step-by-step instructions to implement each best practice, helping ensure consistent execution across your team.
    • Activity Tab: Displays a chronological record of user and system actions related to each best practice, supporting auditability and collaboration.
    • Security Tasks Integration: You can create and manage Security Tasks from best practice records to delegate work effectively.
    • Filtering and Saved Lists: Enables sorting, filtering, and saving customized views of best practices for different roles or use cases, facilitating focused work management.

    Practical Benefits for ServiceNow Customers

    • Helps you systematically improve your instance’s security by following proven best practices tailored to your maturity level.
    • Provides a clear view of progress and priority, so you can focus on high-impact or immediate security improvements first.
    • Facilitates collaboration and tracking through integrated Security Tasks and activity logs.
    • Supports ongoing compliance and security posture management with detailed records and historical tracking of best practice updates.

    Use Security Best Practices to implement privacy and security configuration tasks on your ServiceNow instance.

    Identify best practices to improve your security posture, and follow step-by-step instructions on how to implement them. Security Best Practices provide the following:

    • The home page shows an overview of your progress on implementing security best practices. You can also organize and manage lists of security best practices according to your organization's goals.
    • The overview page provides details of each security best practice, the steps to implement them, and a record of all activities and comments.
    • The task steps page provides you with instructions on how to implement security best practices.
    • The activity page tracks the history of the user and system actions related to your security best practices.

    Security Best Practices home page

    Best practices overview
    The home page displays a Manage your best practices section, which includes graphs provide an overview of your progress.
    Completed overall
    Displays a count and trend line of best practices you have completed. Select the card to view the Completed Overall metric page in Security metrics.
    Completed by maturity level
    Displays a chart of completed best practices organized by maturity level (see a description of maturity levels in the proceeding table). Select the card to view the Completed by Maturity Level metric page in Security metrics.
    Build a foundation
    Select the Build a foundation button to filter the table on this page to display only best practices in the Build a foundation maturity level. These are lower impact changes you can make to start improving instance security.
    Create a task
    Use the +Create task button to create a Security Task to track or delegate best practice work. For details on Security Tasks, see Security Tasks.

    The table enables you to apply filters so that you can sort and save filtered lists, which you can use as work lists for different use cases or roles. See save a filtered list for more information.

    The following are explanations of the fields related to the security best practices table.
    Table 1. Summary of fields used in the security best practices table
    Name Description
    Name Word used to identify a security best practice.
    Maturity level Applications and features that have been arranged by the order of impact to provide you measurable results. The values for maturity levels are:
    • Build a foundation
    • Enhance the experience
    • Optimize the functionality
    • Add advanced features

    These can also be thought of as crawl, walk, run, and fly phases.
    Status Current state of a best practice:
    • Open
    • In progress
    • Completed
    Priority Order of importance for implementing a best practice in your organization:
    • Immediate
    • Later
    • Not applicable
    Goals Security category that a best practice addresses:
    • Address initial security configurations
    • Secure emails
    • Monitoring logs
    • Manage access controls
    • Protect with encryption
    • Keep instances up to date
    First introduced Which Security Center version the best practice was introduced.
    Changed Which Security Center version the best practice was changed.
    Removed Which Security Center version the best practice was removed.

    Security Best Practices details page

    Best practice details page

    Select a best practice from the table to view its page. At the top of the details page, you can view general information about the security best practice including priority, maturity level, and status. Use Complete Best Practice button to mark a the practice as complete, or Reopen Best Practice button to mark the practice complete. Use the +Create Task to create a Security Task to track and delegate this task. For details on Security Tasks, see Security Tasks.

    This page provides more information on the best practice, divided into tabs:

    Overview

    This tab contains the Priority drop-down menu, which enables you to specify the security best practices that are important to you at this time and which are not applicable.

    The details section provides content about the features associated with the security best practice, and the documentation section provides one or more links where you can find additional information.

    The Progress card on the right shows the number of steps completed versus the total number of steps included. Select go to next step to navigate to the next incomplete step.

    The best practice update history card provides a snapshot of the release information for the best practice. You can track which ServiceNow Security Center version the security best practice was released in, and which versions it was subsequently last updated in.

    Task Steps

    This tab provides step-by-step instructions for how to implement this security best practice. See complete a security best practice for more information.

    Activity

    This tabe displays timestamped activities listed from newest to oldest. Use search and filter to query for information. See apply filters to the security best practices table for more information.