ServiceNow: Secure Configuration


This guide explains why secure configuration matters in ServiceNow and covers practices such as managing system properties, setting up Access Control Lists (ACLs), and reviewing the configuration regularly to maintain a secure instance.

Secure configuration of ServiceNow is a fundamental aspect of maintaining a secure environment. Properly configuring security settings can help protect your ServiceNow instance from threats and vulnerabilities. This guide will discuss the essential steps and best practices for secure configuration in ServiceNow.

1. Understanding Secure Configuration

Secure configuration involves setting up your ServiceNow instance in a way that minimizes potential vulnerabilities. This includes configuring system properties, setting up access controls, and managing encryption keys.

2. Configuring System Properties

System properties are a set of configurable settings in ServiceNow that dictate how your instance behaves. Many of these properties relate to security. For example, you can set properties to define session timeout duration, enforce password policies, enable IP range checking, or activate CAPTCHA verification for login attempts.

3. Configuring Access Controls

Access Control Lists (ACLs) in ServiceNow allow you to control who can view and manipulate records. For each table and field, you can set up ACL rules that define who can read, write, create, or delete records based on the user's roles or other conditions.

4. Managing Encryption Keys

ServiceNow provides a robust encryption framework that helps secure sensitive data. Proper management of encryption keys, including regular rotation, is crucial to maintaining the integrity of encrypted data. You can configure this in the Encryption Configuration module.

5. Setting up Security Incident Response

ServiceNow's Security Incident Response (SIR) application provides tools to manage and resolve security incidents. Configuring SIR to match your organization's incident response process will help you react quickly and effectively to security incidents.

6. Configuring Network Settings

Network settings, such as IP ranges for incoming connections and allowed URLs for redirects and outbound HTTP requests, can be configured in ServiceNow to further improve security.

7. Using Security Admin Role

The security_admin role in ServiceNow can perform security-related tasks, such as managing ACLs and encryption keys. Limit the assignment of this role to trusted personnel.

8. Regular Review and Updates

Regularly review your ServiceNow configuration to ensure that it remains secure as new features are added or as threats evolve. Stay informed about new patches and updates from ServiceNow and apply them promptly.
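One way to make the periodic review in section 8 repeatable for the system properties from section 2 is to compare an export of the sys_properties table against a written baseline. The script below is an added example, not ServiceNow's own tooling; the expected values are an assumed organizational policy, and the sample export is constructed in the shape the Table API returns.

```python
import json

# Property names are ServiceNow system properties; the expected values are an
# ASSUMED organizational baseline for this example, not vendor defaults.
BASELINE = {
    "glide.ui.session_timeout": ("max_int", 30),        # minutes
    "glide.security.use_csrf_token": ("equals", "true"),
    "glide.ui.escape_text": ("equals", "true"),
    "glide.sm.default_mode": ("equals", "deny"),
}

# Constructed sample: JSON export of sys_properties rows (name/value pairs).
SAMPLE_EXPORT = json.dumps({"result": [
    {"name": "glide.ui.session_timeout", "value": "480"},
    {"name": "glide.security.use_csrf_token", "value": "true"},
    {"name": "glide.ui.escape_text", "value": "false"},
]})


def audit_properties(export_json, baseline=BASELINE):
    """Return (name, status, actual_value) for every baseline deviation."""
    rows = json.loads(export_json).get("result", [])
    actual = {r["name"]: (r.get("value") or "").strip() for r in rows}
    findings = []
    for name, (rule, expected) in sorted(baseline.items()):
        if name not in actual:
            # Not in the export: the effective value is unknown to this
            # script, so flag the property for manual review.
            findings.append((name, "missing", None))
            continue
        value = actual[name]
        if rule == "equals":
            ok = value.lower() == expected
        else:  # "max_int": value must be a number at or below the limit
            ok = value.isdigit() and int(value) <= expected
        if not ok:
            findings.append((name, "noncompliant", value))
    return findings


if __name__ == "__main__":
    for name, status, value in audit_properties(SAMPLE_EXPORT):
        print(f"{status:13} {name} = {value!r}")
```

Keeping the baseline in version control next to the script gives each review a record of what was expected at the time and what had drifted.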


A secure configuration is the foundation of a secure ServiceNow instance. By following the steps outlined in this guide, you can establish a strong security posture and minimize potential threats to your ServiceNow environment.