Disable ServiceNow root of trust [Removed in 1.5]

Xanadu Platform security

Release

xanadu

ft:locale

en-US

ft:publication_title

Xanadu Platform security

ft:clusterId

psec

bundleId

psec

workflow

Platform

Disable ServiceNow root of trust [Removed in 1.5]

Release version: Xanadu

Updated August 1, 2024

1 minute to read

Use the com.snc.csf.servicenow_root_of_trust.disabled property to control which build key certificates are trusted on an instance.

When the com.snc.csf.servicenow_root_of_trust.disabled property is not set to the recommended value of true, signatures on the sn_kmf_record_signature table with ServiceNow build certificates will be trusted on the instance. When the property is set to true, only signatures with customer certificates will be trusted. Instance admins should only trust their own certificates as this reduces security impact if a ServiceNow's build key and certificates were compromised.

More information


Attribute	Description
Configuration name	com.snc.csf.servicenow_root_of_trust.disabled
Configuration type	System Properties (/sys_properties_list.do)
Data type	boolean
Recommended value	true
Default value	false
Category	Malicious code
Security risk	Severity score: 4 CVSS score: Medium Security risk details: When this property is not set to the recommended value of true, signatures on the sn_kmf_record_signature table with ServiceNow build certificates will be trusted on the instance. This increases the security impact in the event a ServiceNow build is compromised by a bad actor.
Dependencies and prerequisites	None
References	Change your Root of Trust configuration Disable ServiceNow Root of Trust
Functional impact	This property enables or disables Servicenow Root of Trust.