| Description | Service | Rule |
| --- | --- | --- |
| **Enable antivirus scanning** Enable antivirus scanning. | ITSM | `SysProperties should have com__glide__snap__enable_scan eq true` |
| **Users flagged to require a password reset have to do so before making API calls** Users flagged to require a password reset with the 'password_needs_reset' flag have to do so before making API calls. | ITSM | `SysProperties should have glide__authenticate__api__user__reset_password__mandatory eq true` |
| **Enable CSRF token validation** CSRF token validation usage is enabled to identify and validate incoming requests. This token is used to prevent cross-site request forgery attacks. | ITSM | `SysProperties should have glide__security__use_csrf_token eq true` |
| **Ensure that mobile devices using the Now Mobile app are encrypted** The ServiceNow mobile app will check that device encryption is enabled. If encryption is not enabled, the user won't be allowed to log in via their mobile device. | ITSM | `SysProperties should have glide__sg__device_encryption_enabled eq true` |
| **Block JavaScript from being included in HTML embedded using [code] tags** JavaScript is not allowed in HTML embedded within [code] tags. | ITSM | `SysProperties should have glide__ui__security__codetag__allow_script eq false` |
| **Guest session timeout is less than or equal to 30 minutes** Guest session timeout is less than or equal to 30 minutes. | ITSM | `SysProperties should have glide__guest__session_timeout lte 30` |
| **Block jailbroken or rooted devices from accessing the ServiceNow instance using the Now Mobile app** Block jailbroken or rooted devices from accessing the ServiceNow instance using the Now Mobile app. | ITSM | `SysProperties should have glide__sg__allow_rooted_jailbroken_device eq false` |
| **Require a password for local logins** Local logins require a password. | ITSM | `SysProperties should have glide__login__no_blank_password eq true` |
| **Multi-factor authentication (MFA) is enabled** Multi-factor authentication (MFA) is enabled. | ITSM | `SysProperties should have glide__authenticate__multifactor eq true` |
| **Enforce password policies when users change their password** Password policies are enforced when a user changes their password. | ITSM | `SysProperties should have glide__enable__password_policy eq true` |
| **Enable CAPTCHA validation during password resets** Password resets should require a CAPTCHA. However, this can be disabled for automation tests if required. | ITSM | `SysProperties should have password_reset__captcha__ignore eq false` |
| **Password reset security answers have a minimum length of 4** Password reset security answers have a minimum length of 4. | ITSM | `SysProperties should have password_reset__qa__ans_min_len gte 4` |
| **Require SSO credentials for the main ServiceNow login page** Require SSO credentials even for the main ServiceNow login page. The property 'glide.authenticate.failed_requirement_redirect' also has to be valid for proper redirects. | ITSM | `SysProperties should have glide__authentication__external__disable_local_login eq true and glide__authenticate__failed_requirement_redirect len() gt 0` |
| **Administrators must explicitly elevate privileges before taking administrative actions** Administrators must explicitly elevate privileges before taking administrative actions. | ITSM | `SysProperties should have glide__security__strict_elevate_privilege eq true` |
| **Session timeout is less than or equal to 90 minutes** Session timeout is less than or equal to 90 minutes. Values exceeding 1440 minutes will be treated as one day. | ITSM | `SysProperties should have glide__ui__session_timeout lte 90` |
| **Unauthorized session timeout is less than or equal to 5 minutes** Unauthorized session timeout is less than or equal to 5 minutes. | ITSM | `SysProperties should have glide__unauthorized__session_timeout lte 5` |
| **Enforce translated HTML sanitization** Sanitization behavior of translated_html fields on a global_level for field assignments is enforced. | ITSM | `SysProperties should have com__glide__security__check_unsanitized_html eq "enforce"` |
Description |
Service |
Rule |
Enable antivirus scanning |
Enable antivirus scanning. |
ITSM
|
SysProperties should have com__glide__snap__enable_scan eq true |
Users flagged to require a password reset have to do so before making API calls |
Users flagged to require a password reset with the 'password_needs_reset' flag have to do so before making API calls. |
ITSM
|
SysProperties should have glide__authenticate__api__user__reset_password__mandatory eq true |
Enable CSRF token validation |
CSRF token validation usage is enabled to identify and validate incoming requests. This token is used to prevent cross-site request forgery attacks. |
ITSM
|
SysProperties should have glide__security__use_csrf_token eq true |
Ensure that mobile devices using the Now Mobile app are encrypted |
The ServiceNow mobile app will check that device encryption is enabled. If encryption is not enabled, the user won't be allowed to log via their mobile device. |
ITSM
|
SysProperties should have glide__sg__device_encryption_enabled eq true |
Block JavaScript from being included in HTML embedded using [code] tags |
JavaScript is not allowed in HTML embedded within [code] tags. |
ITSM
|
SysProperties should have glide__ui__security__codetag__allow_script eq false |
Guest session timeout is less than or equal to 30 minutes |
Guest session timeout is less than or equal to 30 minutes. |
ITSM
|
SysProperties should have glide__guest__session_timeout lte 30 |
Block jailbroken or rooted devices from accessing the ServiceNow instance using the Now Mobile app. |
Block jailbroken or rooted devices from accessing the ServiceNow instance using the Now Mobile app. |
ITSM
|
SysProperties should have glide__sg__allow_rooted_jailbroken_device eq false |
Require a password for local logins |
Local logins require a password. |
ITSM
|
SysProperties should have glide__login__no_blank_password eq true |
Multi-factor authentication (MFA) is enabled |
Multi-factor authentication (MFA) is enabled. |
ITSM
|
SysProperties should have glide__authenticate__multifactor eq true |
Enforce password policies when users change their password |
Password policies are enforced when a user changes their password. |
ITSM
|
SysProperties should have glide__enable__password_policy eq true |
Enable CAPTCHA validation during password resets |
Password resets should require a CAPTCHA. However, this can be disabled for automation tests if required. |
ITSM
|
SysProperties should have password_reset__captcha__ignore eq false |
Password reset security answers have a minimum length of 4 |
Password reset security answers have a minimum length of 4. |
ITSM
|
SysProperties should have password_reset__qa__ans_min_len gte 4 |
Require SSO credentials for the main ServiceNow login page |
Require SSO credentials even for the main ServiceNow login page. The property 'glide.authenticate.failed_requirement_redirect' also has to be valid for proper redirects. |
ITSM
|
SysProperties should have glide__authentication__external__disable_local_login eq true and glide__authenticate__failed_requirement_redirect len() gt 0 |
Administrators must explicitly elevate privileges before taking administrative actions |
Administrators must explicitly elevate privileges before taking administrative actions. |
ITSM
|
SysProperties should have glide__security__strict_elevate_privilege eq true |
Session timeout is less than or equal to 90 minutes |
Session timeout is less than or equal to 90 minutes. Values exceeding 1440 minutes will be treated as one day. |
ITSM
|
SysProperties should have glide__ui__session_timeout lte 90 |
Unauthorized session timeout is less than or equal to 5 minutes |
Unauthorized session timeout is less than or equal to 5 minutes. |
ITSM
|
SysProperties should have glide__unauthorized__session_timeout lte 5 |
Enforce translated HTML sanitization |
Sanitization behavior of translated_html fields on a global_level for field assignments is enforced. |
ITSM
|
SysProperties should have com__glide__security__check_unsanitized_html eq "enforce" |
Description |
Service |
Rule |
Enable antivirus scanning |
Enable antivirus scanning. |
ITSM
|
SysProperties should have com__glide__snap__enable_scan eq true |
Users flagged to require a password reset have to do so before making API calls |
Users flagged to require a password reset with the 'password_needs_reset' flag have to do so before making API calls. |
ITSM
|
SysProperties should have glide__authenticate__api__user__reset_password__mandatory eq true |
Enable CSRF token validation |
CSRF token validation usage is enabled to identify and validate incoming requests. This token is used to prevent cross-site request forgery attacks. |
ITSM
|
SysProperties should have glide__security__use_csrf_token eq true |
Ensure that mobile devices using the Now Mobile app are encrypted |
The ServiceNow mobile app will check that device encryption is enabled. If encryption is not enabled, the user won't be allowed to log via their mobile device. |
ITSM
|
SysProperties should have glide__sg__device_encryption_enabled eq true |
Block JavaScript from being included in HTML embedded using [code] tags |
JavaScript is not allowed in HTML embedded within [code] tags. |
ITSM
|
SysProperties should have glide__ui__security__codetag__allow_script eq false |
Guest session timeout is less than or equal to 30 minutes |
Guest session timeout is less than or equal to 30 minutes. |
ITSM
|
SysProperties should have glide__guest__session_timeout lte 30 |
Block jailbroken or rooted devices from accessing the ServiceNow instance using the Now Mobile app. |
Block jailbroken or rooted devices from accessing the ServiceNow instance using the Now Mobile app. |
ITSM
|
SysProperties should have glide__sg__allow_rooted_jailbroken_device eq false |
Require a password for local logins |
Local logins require a password. |
ITSM
|
SysProperties should have glide__login__no_blank_password eq true |
Multi-factor authentication (MFA) is enabled |
Multi-factor authentication (MFA) is enabled. |
ITSM
|
SysProperties should have glide__authenticate__multifactor eq true |
Enforce password policies when users change their password |
Password policies are enforced when a user changes their password. |
ITSM
|
SysProperties should have glide__enable__password_policy eq true |
Enable CAPTCHA validation during password resets |
Password resets should require a CAPTCHA. However, this can be disabled for automation tests if required. |
ITSM
|
SysProperties should have password_reset__captcha__ignore eq false |
Password reset security answers have a minimum length of 4 |
Password reset security answers have a minimum length of 4. |
ITSM
|
SysProperties should have password_reset__qa__ans_min_len gte 4 |
Require SSO credentials for the main ServiceNow login page |
Require SSO credentials even for the main ServiceNow login page. The property 'glide.authenticate.failed_requirement_redirect' also has to be valid for proper redirects. |
ITSM
|
SysProperties should have glide__authentication__external__disable_local_login eq true and glide__authenticate__failed_requirement_redirect len() gt 0 |
Administrators must explicitly elevate privileges before taking administrative actions |
Administrators must explicitly elevate privileges before taking administrative actions. |
ITSM
|
SysProperties should have glide__security__strict_elevate_privilege eq true |
Session timeout is less than or equal to 90 minutes |
Session timeout is less than or equal to 90 minutes. Values exceeding 1440 minutes will be treated as one day. |
ITSM
|
SysProperties should have glide__ui__session_timeout lte 90 |
Unauthorized session timeout is less than or equal to 5 minutes |
Unauthorized session timeout is less than or equal to 5 minutes. |
ITSM
|
SysProperties should have glide__unauthorized__session_timeout lte 5 |
Enforce translated HTML sanitization |
Sanitization behavior of translated_html fields on a global_level for field assignments is enforced. |
ITSM
|
SysProperties should have com__glide__security__check_unsanitized_html eq "enforce" |
Description |
Service |
Rule |
Enable antivirus scanning |
Enable antivirus scanning. |
ITSM
|
SysProperties should have com__glide__snap__enable_scan eq true |
Users flagged to require a password reset have to do so before making API calls |
Users flagged to require a password reset with the 'password_needs_reset' flag have to do so before making API calls. |
ITSM
|
SysProperties should have glide__authenticate__api__user__reset_password__mandatory eq true |
Enable CSRF token validation |
CSRF token validation usage is enabled to identify and validate incoming requests. This token is used to prevent cross-site request forgery attacks. |
ITSM
|
SysProperties should have glide__security__use_csrf_token eq true |
Ensure that mobile devices using the Now Mobile app are encrypted |
The ServiceNow mobile app will check that device encryption is enabled. If encryption is not enabled, the user won't be allowed to log via their mobile device. |
ITSM
|
SysProperties should have glide__sg__device_encryption_enabled eq true |
Block JavaScript from being included in HTML embedded using [code] tags |
JavaScript is not allowed in HTML embedded within [code] tags. |
ITSM
|
SysProperties should have glide__ui__security__codetag__allow_script eq false |
Guest session timeout is less than or equal to 30 minutes |
Guest session timeout is less than or equal to 30 minutes. |
ITSM
|
SysProperties should have glide__guest__session_timeout lte 30 |
Block jailbroken or rooted devices from accessing the ServiceNow instance using the Now Mobile app. |
Block jailbroken or rooted devices from accessing the ServiceNow instance using the Now Mobile app. |
ITSM
|
SysProperties should have glide__sg__allow_rooted_jailbroken_device eq false |
Require a password for local logins |
Local logins require a password. |
ITSM
|
SysProperties should have glide__login__no_blank_password eq true |
Multi-factor authentication (MFA) is enabled |
Multi-factor authentication (MFA) is enabled. |
ITSM
|
SysProperties should have glide__authenticate__multifactor eq true |
Enforce password policies when users change their password |
Password policies are enforced when a user changes their password. |
ITSM
|
SysProperties should have glide__enable__password_policy eq true |
Enable CAPTCHA validation during password resets |
Password resets should require a CAPTCHA. However, this can be disabled for automation tests if required. |
ITSM
|
SysProperties should have password_reset__captcha__ignore eq false |
Password reset security answers have a minimum length of 4 |
Password reset security answers have a minimum length of 4. |
ITSM
|
SysProperties should have password_reset__qa__ans_min_len gte 4 |
Require SSO credentials for the main ServiceNow login page |
Require SSO credentials even for the main ServiceNow login page. The property 'glide.authenticate.failed_requirement_redirect' also has to be valid for proper redirects. |
ITSM
|
SysProperties should have glide__authentication__external__disable_local_login eq true and glide__authenticate__failed_requirement_redirect len() gt 0 |
Administrators must explicitly elevate privileges before taking administrative actions |
Administrators must explicitly elevate privileges before taking administrative actions. |
ITSM
|
SysProperties should have glide__security__strict_elevate_privilege eq true |
Session timeout is less than or equal to 90 minutes |
Session timeout is less than or equal to 90 minutes. Values exceeding 1440 minutes will be treated as one day. |
ITSM
|
SysProperties should have glide__ui__session_timeout lte 90 |
Unauthorized session timeout is less than or equal to 5 minutes |
Unauthorized session timeout is less than or equal to 5 minutes. |
ITSM
|
SysProperties should have glide__unauthorized__session_timeout lte 5 |
Enforce translated HTML sanitization |
Sanitization behavior of translated_html fields on a global_level for field assignments is enforced. |
ITSM
|
SysProperties should have com__glide__security__check_unsanitized_html eq "enforce" |
Description |
Service |
Rule |
Enable antivirus scanning |
Enable antivirus scanning. |
ITSM
|
SysProperties should have com__glide__snap__enable_scan eq true |
Users flagged to require a password reset have to do so before making API calls |
Users flagged to require a password reset with the 'password_needs_reset' flag have to do so before making API calls. |
ITSM
|
SysProperties should have glide__authenticate__api__user__reset_password__mandatory eq true |
Enable CSRF token validation |
CSRF token validation usage is enabled to identify and validate incoming requests. This token is used to prevent cross-site request forgery attacks. |
ITSM
|
SysProperties should have glide__security__use_csrf_token eq true |
Ensure that mobile devices using the Now Mobile app are encrypted |
The ServiceNow mobile app will check that device encryption is enabled. If encryption is not enabled, the user won't be allowed to log via their mobile device. |
ITSM
|
SysProperties should have glide__sg__device_encryption_enabled eq true |
Block JavaScript from being included in HTML embedded using [code] tags |
JavaScript is not allowed in HTML embedded within [code] tags. |
ITSM
|
SysProperties should have glide__ui__security__codetag__allow_script eq false |
Guest session timeout is less than or equal to 30 minutes |
Guest session timeout is less than or equal to 30 minutes. |
ITSM
|
SysProperties should have glide__guest__session_timeout lte 30 |
Block jailbroken or rooted devices from accessing the ServiceNow instance using the Now Mobile app. |
Block jailbroken or rooted devices from accessing the ServiceNow instance using the Now Mobile app. |
ITSM
|
SysProperties should have glide__sg__allow_rooted_jailbroken_device eq false |
Require a password for local logins |
Local logins require a password. |
ITSM
|
SysProperties should have glide__login__no_blank_password eq true |
Multi-factor authentication (MFA) is enabled |
Multi-factor authentication (MFA) is enabled. |
ITSM
|
SysProperties should have glide__authenticate__multifactor eq true |
Enforce password policies when users change their password |
Password policies are enforced when a user changes their password. |
ITSM
|
SysProperties should have glide__enable__password_policy eq true |
Enable CAPTCHA validation during password resets |
Password resets should require a CAPTCHA. However, this can be disabled for automation tests if required. |
ITSM
|
SysProperties should have password_reset__captcha__ignore eq false |
Password reset security answers have a minimum length of 4 |
Password reset security answers have a minimum length of 4. |
ITSM
|
SysProperties should have password_reset__qa__ans_min_len gte 4 |
Require SSO credentials for the main ServiceNow login page |
Require SSO credentials even for the main ServiceNow login page. The property 'glide.authenticate.failed_requirement_redirect' also has to be valid for proper redirects. |
ITSM
|
SysProperties should have glide__authentication__external__disable_local_login eq true and glide__authenticate__failed_requirement_redirect len() gt 0 |
Administrators must explicitly elevate privileges before taking administrative actions |
Administrators must explicitly elevate privileges before taking administrative actions. |
ITSM
|
SysProperties should have glide__security__strict_elevate_privilege eq true |
Session timeout is less than or equal to 90 minutes |
Session timeout is less than or equal to 90 minutes. Values exceeding 1440 minutes will be treated as one day. |
ITSM
|
SysProperties should have glide__ui__session_timeout lte 90 |
Unauthorized session timeout is less than or equal to 5 minutes |
Unauthorized session timeout is less than or equal to 5 minutes. |
ITSM
|
SysProperties should have glide__unauthorized__session_timeout lte 5 |
Enforce translated HTML sanitization |
Sanitization behavior of translated_html fields on a global_level for field assignments is enforced. |
ITSM
|
SysProperties should have com__glide__security__check_unsanitized_html eq "enforce" |
Description |
Service |
Rule |
Enable antivirus scanning |
Enable antivirus scanning. |
ITSM
|
SysProperties should have com__glide__snap__enable_scan eq true |
Users flagged to require a password reset have to do so before making API calls |
Users flagged to require a password reset with the 'password_needs_reset' flag have to do so before making API calls. |
ITSM
|
SysProperties should have glide__authenticate__api__user__reset_password__mandatory eq true |
Enable CSRF token validation |
CSRF token validation usage is enabled to identify and validate incoming requests. This token is used to prevent cross-site request forgery attacks. |
ITSM
|
SysProperties should have glide__security__use_csrf_token eq true |
Ensure that mobile devices using the Now Mobile app are encrypted |
The ServiceNow mobile app will check that device encryption is enabled. If encryption is not enabled, the user won't be allowed to log via their mobile device. |
ITSM
|
SysProperties should have glide__sg__device_encryption_enabled eq true |
Block JavaScript from being included in HTML embedded using [code] tags |
JavaScript is not allowed in HTML embedded within [code] tags. |
ITSM
|
SysProperties should have glide__ui__security__codetag__allow_script eq false |
Guest session timeout is less than or equal to 30 minutes |
Guest session timeout is less than or equal to 30 minutes. |
ITSM
|
SysProperties should have glide__guest__session_timeout lte 30 |
Block jailbroken or rooted devices from accessing the ServiceNow instance using the Now Mobile app. |
Block jailbroken or rooted devices from accessing the ServiceNow instance using the Now Mobile app. |
ITSM
|
SysProperties should have glide__sg__allow_rooted_jailbroken_device eq false |
Require a password for local logins |
Local logins require a password. |
ITSM
|
SysProperties should have glide__login__no_blank_password eq true |
Multi-factor authentication (MFA) is enabled |
Multi-factor authentication (MFA) is enabled. |
ITSM
|
SysProperties should have glide__authenticate__multifactor eq true |
Enforce password policies when users change their password |
Password policies are enforced when a user changes their password. |
ITSM
|
SysProperties should have glide__enable__password_policy eq true |
Enable CAPTCHA validation during password resets |
Password resets should require a CAPTCHA. However, this can be disabled for automation tests if required. |
ITSM
|
SysProperties should have password_reset__captcha__ignore eq false |
Password reset security answers have a minimum length of 4 |
Password reset security answers have a minimum length of 4. |
ITSM
|
SysProperties should have password_reset__qa__ans_min_len gte 4 |
Require SSO credentials for the main ServiceNow login page |
Require SSO credentials even for the main ServiceNow login page. The property 'glide.authenticate.failed_requirement_redirect' also has to be valid for proper redirects. |
ITSM
|
SysProperties should have glide__authentication__external__disable_local_login eq true and glide__authenticate__failed_requirement_redirect len() gt 0 |
Administrators must explicitly elevate privileges before taking administrative actions |
Administrators must explicitly elevate privileges before taking administrative actions. |
ITSM
|
SysProperties should have glide__security__strict_elevate_privilege eq true |
Session timeout is less than or equal to 90 minutes |
Session timeout is less than or equal to 90 minutes. Values exceeding 1440 minutes will be treated as one day. |
ITSM
|
SysProperties should have glide__ui__session_timeout lte 90 |
Unauthorized session timeout is less than or equal to 5 minutes |
Unauthorized session timeout is less than or equal to 5 minutes. |
ITSM
|
SysProperties should have glide__unauthorized__session_timeout lte 5 |
Enforce translated HTML sanitization |
Sanitization behavior of translated_html fields on a global_level for field assignments is enforced. |
ITSM
|
SysProperties should have com__glide__security__check_unsanitized_html eq "enforce" |
Description |
Service |
Rule |
Enable antivirus scanning |
Enable antivirus scanning. |
ITSM
|
SysProperties should have com__glide__snap__enable_scan eq true |
Users flagged to require a password reset have to do so before making API calls |
Users flagged to require a password reset with the 'password_needs_reset' flag have to do so before making API calls. |
ITSM
|
SysProperties should have glide__authenticate__api__user__reset_password__mandatory eq true |
Enable CSRF token validation |
CSRF token validation usage is enabled to identify and validate incoming requests. This token is used to prevent cross-site request forgery attacks. |
ITSM
|
SysProperties should have glide__security__use_csrf_token eq true |
Ensure that mobile devices using the Now Mobile app are encrypted |
The ServiceNow mobile app will check that device encryption is enabled. If encryption is not enabled, the user won't be allowed to log via their mobile device. |
ITSM
|
SysProperties should have glide__sg__device_encryption_enabled eq true |
Block JavaScript from being included in HTML embedded using [code] tags |
JavaScript is not allowed in HTML embedded within [code] tags. |
ITSM
|
SysProperties should have glide__ui__security__codetag__allow_script eq false |
Guest session timeout is less than or equal to 30 minutes |
Guest session timeout is less than or equal to 30 minutes. |
ITSM
|
SysProperties should have glide__guest__session_timeout lte 30 |
Block jailbroken or rooted devices from accessing the ServiceNow instance using the Now Mobile app. |
Block jailbroken or rooted devices from accessing the ServiceNow instance using the Now Mobile app. |
ITSM
|
SysProperties should have glide__sg__allow_rooted_jailbroken_device eq false |
Require a password for local logins |
Local logins require a password. |
ITSM
|
SysProperties should have glide__login__no_blank_password eq true |
Multi-factor authentication (MFA) is enabled |
Multi-factor authentication (MFA) is enabled. |
ITSM
|
SysProperties should have glide__authenticate__multifactor eq true |
Enforce password policies when users change their password |
Password policies are enforced when a user changes their password. |
ITSM
|
SysProperties should have glide__enable__password_policy eq true |
Enable CAPTCHA validation during password resets |
Password resets should require a CAPTCHA. However, this can be disabled for automation tests if required. |
ITSM
|
SysProperties should have password_reset__captcha__ignore eq false |
Password reset security answers have a minimum length of 4 |
Password reset security answers have a minimum length of 4. |
ITSM
|
SysProperties should have password_reset__qa__ans_min_len gte 4 |
Require SSO credentials for the main ServiceNow login page |
Require SSO credentials even for the main ServiceNow login page. The property 'glide.authenticate.failed_requirement_redirect' also has to be valid for proper redirects. |
ITSM
|
SysProperties should have glide__authentication__external__disable_local_login eq true and glide__authenticate__failed_requirement_redirect len() gt 0 |
Administrators must explicitly elevate privileges before taking administrative actions |
Administrators must explicitly elevate privileges before taking administrative actions. |
ITSM
|
SysProperties should have glide__security__strict_elevate_privilege eq true |
Session timeout is less than or equal to 90 minutes |
Session timeout is less than or equal to 90 minutes. Values exceeding 1440 minutes will be treated as one day. |
ITSM
|
SysProperties should have glide__ui__session_timeout lte 90 |
Unauthorized session timeout is less than or equal to 5 minutes |
Unauthorized session timeout is less than or equal to 5 minutes. |
ITSM
|
SysProperties should have glide__unauthorized__session_timeout lte 5 |
Enforce translated HTML sanitization |
Sanitization behavior of translated_html fields on a global_level for field assignments is enforced. |
ITSM
|
SysProperties should have com__glide__security__check_unsanitized_html eq "enforce" |
Description |
Service |
Rule |
Enable antivirus scanning |
Enable antivirus scanning. |
ITSM
|
SysProperties should have com__glide__snap__enable_scan eq true |
Users flagged to require a password reset have to do so before making API calls |
Users flagged to require a password reset with the 'password_needs_reset' flag have to do so before making API calls. |
ITSM
|
SysProperties should have glide__authenticate__api__user__reset_password__mandatory eq true |
Enable CSRF token validation |
CSRF token validation usage is enabled to identify and validate incoming requests. This token is used to prevent cross-site request forgery attacks. |
ITSM
|
SysProperties should have glide__security__use_csrf_token eq true |
Ensure that mobile devices using the Now Mobile app are encrypted |
The ServiceNow mobile app will check that device encryption is enabled. If encryption is not enabled, the user won't be allowed to log via their mobile device. |
ITSM
|
SysProperties should have glide__sg__device_encryption_enabled eq true |
Block JavaScript from being included in HTML embedded using [code] tags |
JavaScript is not allowed in HTML embedded within [code] tags. |
ITSM
|
SysProperties should have glide__ui__security__codetag__allow_script eq false |
Guest session timeout is less than or equal to 30 minutes |
Guest session timeout is less than or equal to 30 minutes. |
ITSM
|
SysProperties should have glide__guest__session_timeout lte 30 |
Block jailbroken or rooted devices from accessing the ServiceNow instance using the Now Mobile app. |
Block jailbroken or rooted devices from accessing the ServiceNow instance using the Now Mobile app. |
ITSM
|
SysProperties should have glide__sg__allow_rooted_jailbroken_device eq false |
Require a password for local logins |
Local logins require a password. |
ITSM
|
SysProperties should have glide__login__no_blank_password eq true |
Multi-factor authentication (MFA) is enabled |
Multi-factor authentication (MFA) is enabled. |
ITSM
|
SysProperties should have glide__authenticate__multifactor eq true |
Enforce password policies when users change their password |
Password policies are enforced when a user changes their password. |
ITSM
|
SysProperties should have glide__enable__password_policy eq true |
Enable CAPTCHA validation during password resets |
Password resets should require a CAPTCHA. However, this can be disabled for automation tests if required. |
ITSM
|
SysProperties should have password_reset__captcha__ignore eq false |
Password reset security answers have a minimum length of 4 |
Password reset security answers have a minimum length of 4. |
ITSM
|
SysProperties should have password_reset__qa__ans_min_len gte 4 |
Require SSO credentials for the main ServiceNow login page |
Require SSO credentials even for the main ServiceNow login page. The property 'glide.authenticate.failed_requirement_redirect' also has to be valid for proper redirects. |
ITSM
|
SysProperties should have glide__authentication__external__disable_local_login eq true and glide__authenticate__failed_requirement_redirect len() gt 0 |
Administrators must explicitly elevate privileges before taking administrative actions |
Administrators must explicitly elevate privileges before taking administrative actions. |
ITSM
|
SysProperties should have glide__security__strict_elevate_privilege eq true |
Session timeout is less than or equal to 90 minutes |
Session timeout is less than or equal to 90 minutes. Values exceeding 1440 minutes will be treated as one day. |
ITSM
|
SysProperties should have glide__ui__session_timeout lte 90 |
Unauthorized session timeout is less than or equal to 5 minutes |
Unauthorized session timeout is less than or equal to 5 minutes. |
ITSM
|
SysProperties should have glide__unauthorized__session_timeout lte 5 |
Enforce translated HTML sanitization |
Sanitization behavior of translated_html fields on a global_level for field assignments is enforced. |
ITSM
|
SysProperties should have com__glide__security__check_unsanitized_html eq "enforce" |