Application layer security in ServiceNow focuses on protecting data and functionality within the ServiceNow application itself. The following components contribute to this:
A. Multi-Factor Authentication (MFA): MFA adds an extra layer of security by requiring users to provide multiple forms of authentication (e.g., password, security token, biometric verification) to access the application.
C. Access Control Lists (ACLs): ACLs define which users or roles have permission to access, modify, or delete specific data and functionality within the application.
E. IP address access control: While technically a network layer control, IP address access control is often implemented and managed within the ServiceNow application. It restricts access to the instance based on IP address ranges.
Why not the other options?
B. Platform Encryption (PE): This is a broader encryption solution that protects data at rest across the platform, not specifically at the application layer.
D. Full Disk Encryption (FDE): This encrypts the entire hard drive of the server where the ServiceNow instance is hosted, providing protection at the infrastructure level, not the application layer.
[Reference: ServiceNow Security documentation, Application Security best practices, =================]
Submit