Instance Security Hardening Settings

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Instance Security Hardening Settings

    The Instance Security Hardening Settings provide detailed descriptions and compliance values for security-related system properties and plugins within the ServiceNow AI Platform. Customers can manage these properties using the Hardening Compliance Configuration page in the Instance Security Center. However, note that the Instance Security Center (ISC) will no longer be supported after September 2024, with the ServiceNow Security Center (SSC) as the recommended solution for future use.

    Show full answer Show less

    Key Features

    • Daily Compliance Score: The ISC calculates a score based on your instance's security settings compliance.
    • Security Configurations: Access detailed security configuration records that provide compliance states and dependencies.
    • Access Control: Controls resource access based on user permissions.
    • Email Security: Configure security policies for inbound emails.
    • Input Validation: Ensures the integrity of data entered into the system.
    • Secure Communications: Properties related to securing HTTP traffic.
    • Session Management: Identifies user traffic to prevent abuse of trust relationships.
    • Security Best Practices: Recommendations for periodic security tasks beyond configurations.

    Key Outcomes

    By utilizing the Instance Security Hardening Settings, customers can enhance their instance's security posture, ensure compliance with security policies, and mitigate risks associated with system vulnerabilities. Regularly updating security properties while consulting with security experts will help maintain expected instance behavior and compliance. Transitioning to the ServiceNow Security Center will provide ongoing support and enhanced security capabilities.

    The Instance Security Hardening Settings content contains detailed descriptions and compliance values for the security-related system properties and plugins in the ServiceNow AI Platform. You can set most of these properties in the Hardening Compliance Configuration page in the Instance Security Center.

    Important:

    Instance Security Center (ISC) has reached the end of sales as of September 2024, and is no longer supported or available for new activation.

    ServiceNow Security Center (SSC) is the recommended solution going forward. For more information, see Instance Security Center to ServiceNow Security Center migration.

    Overview and purpose

    The Instance Security Center calculates a Daily Compliance Score, expressed as a percentage. It is based on how compliant your current instance security settings are with the compliance values in Instance Security Hardening Settings.

    Using its Hardening Compliance Configuration page, you can manage the specific security configuration settings that may affect the score for your instance. To learn more about ensuring your instances meet hardening requirements, see:

    Consult the Instance Security Hardening Settings whenever you set or update security-related properties, even if some of the compliance values may not be suitable for your instance. When you are updating these properties, ensure that the instance continues to behave as expected. Consult with the appropriate internal personnel who have the expertise to determine the security impacts.

    Other resources

    For user reference, the ServiceNow AI Platform maintains extensive configuration capabilities information in the product documentation. You access most of the security content using the links found in Secure your instance. Also, see the following:

    Instance security hardening tables

    Security configurations table

    Records in the Security Configurations [isc_security_configurations] table contain the details of a security configuration. Within a record you can find the description of a configuration, its compliance state and other important details.

    Use the security configurations record to see all the properties and dependencies you need to configure to make your configuration compliant in one place.

    Within the security configurations record you can see the related security dependency and dependency groups records associated with this configuration.

    Security dependencies table
    Records on the security dependencies [isc_security_dependencies] table define the inbound criteria and outbound criteria, as well as a recommended type. This type defines how the dependency displays in the instance security center.
    Dependency groups table
    Use records on the dependency groups [isc_dependency_groups] table to group multiple dependencies together. All the dependencies in a group must be compliant in order for the group to be considered compliant.