Hardening settings
Summary of Hardening Settings
The ServiceNow Security Center (SSC) hardening settings provide a framework to enhance the security of your instance by detailing compliance values for security-related system properties and plugins. The SSC calculates a daily compliance score based on your instance's security settings against these predefined standards, allowing you to manage configurations directly within the Security Center.
Key Features
- Configuration Attributes: Each hardening setting includes an overview, configuration name, type, data type, recommended and default values, category, security risk severity score, and details on dependencies and functional impact.
- Security Risk Assessment: Each configuration is assigned a CVSS score to indicate the potential security risk, ranging from none (0.0) to critical (9.0-10.0).
- Access Control: Ensures resources are protected from unauthorized access through a robust permission model.
- API and Web Service Security: Validates appropriate authentication and authorization for all API interactions.
- Data Protection: Focuses on maintaining the confidentiality, integrity, and availability of data.
- Error Handling and Logging: Addresses the quality and verbosity of logged information to safeguard against unauthorized access.
- Session Management: Ensures session security, uniqueness, and proper invalidation procedures.
- Validation and Sanitization: Provides input validation techniques to prevent common vulnerabilities.
Key Outcomes
Implementing the hardening settings can significantly improve the security posture of your ServiceNow instance, ensuring compliance with industry standards and reducing the risk of vulnerabilities. Regular monitoring of compliance scores allows for proactive adjustments to security settings, fostering a secure operational environment.
The ServiceNow Security Center (SSC) hardening settings content contains detailed descriptions and compliance values for the security-related system properties and plugins in the ServiceNow AI Platform. You can set these properties using the hardening settings app in the Security Center.
Overview and purpose
The Security Center calculates a daily compliance score, expressed as a percentage, based on how closely your current instance security settings match the compliance values in the Security Center hardening settings.
You can manage the specific security configuration settings that may affect the score for your instance directly from the Security Center.
Each hardening setting configuration is described by the attributes in the following table.
| Configuration attribute | Description |
|---|---|
| Overview | Provides a high-level overview of the recommendation. |
| Configuration name | The property or plugin name. |
| Configuration type | Describes where the property can be configured outside of the Security Center, such as in system properties (sys_properties_list.do). |
| Data type | Describes the type of value required for the configuration. Examples are true/false boolean, installation, plugin, string, etc. |
| Recommended value | The value that is recommended by the Security Center to enhance security compliance in your instance. |
| Default value | The value that the configuration is set to in the base system. |
| Category | The name and link to the category for the hardening setting. |
| Security risk | Severity score: The score indicates the potential security risk to your instance, based on the likelihood that the vulnerability will be exploited. Each security vulnerability is considered and scored individually using the CVSS (Common Vulnerability Scoring System) score on a scale ranging from 0.0 to 10.0. See https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator for additional information. |
| | Severity rating per CVSS score: |
| | Security risk details: Describes the importance of the setting configuration and the risk of not utilizing the recommended configuration. |
| Dependencies and prerequisites | Related settings or configurations that are required before or in conjunction with the hardening configuration. |
| Functional impact | The impact this hardening setting has on the operation of your instance. |
| References | Links to configuration documentation or other helpful information. |
To learn more about ensuring your instances meet hardening requirements, see Security hardening.
Other resources
- Available system properties
- General security settings properties
- High Security Settings