The 18 ServiceNow security checks Black Cat runs
Black Cat SSPM evaluates 18 security policies against your ServiceNow configuration on every scan, classifies each finding by risk, and provides remediation steps. Below is the full list, grouped by category.
access control
Review and revoke admin or security_admin roles from users who do not require administrative privileges
Remove roles from groups with no members or populate the group with appropriate members
Add role requirements to ACL rules that currently allow unauthenticated or role-less access
cmdb
Reduce the percentage of stale CMDB CI records by running discovery or updating records manually
identity
Remove all role assignments from inactive user accounts to prevent privilege accumulation
Investigate and resolve user lockouts to restore legitimate access or confirm account should remain locked
Disable or rename the default admin account to prevent use of a well-known credential target
integration
Migrate integrations from basic authentication to OAuth or certificate-based authentication
itsm
Enable incident auto-assignment to ensure incidents are routed to the appropriate team automatically
Enable change approval requirements to ensure all changes are authorized before implementation
Enable change risk assessment to ensure all changes are evaluated for risk before approval
mfa
Enable multi-factor authentication for all admin accounts via the Multi-Factor Authentication configuration
oauth
Reduce the OAuth access token lifespan to 3600 seconds (1 hour) or less
Update OAuth application redirect URLs to use HTTPS and avoid wildcard patterns
password
Strengthen the password policy to require a minimum of 12 characters and enforce complexity requirements
plugins
Deactivate plugins with known security risks that are not required for business operations
privilege
Configure scheduled jobs to run under a dedicated service account with least-privilege roles instead of the admin account
session
Reduce the session timeout to 60 minutes or less to limit the window for session hijacking