Skip to content

The 18 ServiceNow security checks Black Cat runs

Black Cat SSPM evaluates 18 security policies against your ServiceNow configuration on every scan, classifies each finding by risk, and provides remediation steps. Below is the full list, grouped by category.

access control

highAdmin Role Sprawl

Review and revoke admin or security_admin roles from users who do not require administrative privileges

mediumEmpty Group With Roles

Remove roles from groups with no members or populate the group with appropriate members

highOverly Permissive ACL

Add role requirements to ACL rules that currently allow unauthenticated or role-less access

cmdb

mediumCMDB Stale Records

Reduce the percentage of stale CMDB CI records by running discovery or updating records manually

identity

highInactive User With Roles

Remove all role assignments from inactive user accounts to prevent privilege accumulation

infoUser Locked Out

Investigate and resolve user lockouts to restore legitimate access or confirm account should remain locked

criticalDefault Admin Account Active

Disable or rename the default admin account to prevent use of a well-known credential target

integration

highIntegration Using Basic Auth

Migrate integrations from basic authentication to OAuth or certificate-based authentication

itsm

lowIncident Auto-Assignment Disabled

Enable incident auto-assignment to ensure incidents are routed to the appropriate team automatically

highChange Approval Not Required

Enable change approval requirements to ensure all changes are authorized before implementation

mediumChange Risk Assessment Disabled

Enable change risk assessment to ensure all changes are evaluated for risk before approval

mfa

criticalMFA Not Enforced For Admins

Enable multi-factor authentication for all admin accounts via the Multi-Factor Authentication configuration

oauth

mediumOAuth App Long Token Lifespan

Reduce the OAuth access token lifespan to 3600 seconds (1 hour) or less

highOAuth App Insecure Redirect

Update OAuth application redirect URLs to use HTTPS and avoid wildcard patterns

password

criticalWeak Password Policy

Strengthen the password policy to require a minimum of 12 characters and enforce complexity requirements

plugins

mediumInsecure Plugin Active

Deactivate plugins with known security risks that are not required for business operations

privilege

highScheduled Job Runs As Admin

Configure scheduled jobs to run under a dedicated service account with least-privilege roles instead of the admin account

session

mediumSession Timeout Too Long

Reduce the session timeout to 60 minutes or less to limit the window for session hijacking

See these checks run on your stack

Start a free 14-day trial — no credit card required.

Start Free Trial