Protecting United States government information on HI
ServiceNow has an adjudicated Customer Support group that manages all incidents reported by customers associated with the United States Government (USG), including:
- Federal agencies
- State, local, and tribal organizations with registered .gov or .mil domain addresses
- Federally Funded Research and Development Centers (FFRDCs)
USG customer support groups
The ServiceNow Customer Support department is organized into assignment groups. The two main assignment groups are Customer Support and USG Support. The main assignment groups are further sub-divided into specialized assignment groups. All USG customer incidents are automatically assigned to one of the USG Support assignment groups.
Protecting USG information
USG information on HI is protected using several methods.
- USG incidents can only be assigned to ServiceNow employees with the federal role. ServiceNow employees that do not have the federal role cannot see incidents, incident attachments, or incident email messages associated with USG organizations.
- Only ServiceNow employees with the federal role can generate credentials for USG instances.
- ServiceNow employees with the customer_accessor role can only access commercial customer incidents, not USG customer incidents.
- A non-USG ServiceNow employee cannot impersonate an employee with the federal role, an employee with the federal_admin role, or a customer associated with a USG organization.
- Email notifications generated by a USG incident are sent only to ServiceNow employees with the federal role and to customers associated with a USG organization. The recipients specified in the To, CC, and BCC fields are all checked for USG credentials automatically when the incident is associated with a USG organization.
- Only ServiceNow employees with the federal role and users associated with a USG organization can be added to the watchlist of a USG incident. Email addresses cannot be added manually to watchlists on USG incidents.
- ServiceNow partners can be associated with USG customers. Users with the partner_admin role working for a ServiceNow partner can create incidents for USG customers to which the partner is associated.
- The federal and federal_admin role are only granted to ServiceNow employees, not customers or partners. For customer or partner access to USG information, the USG field must be selected on the company record associated with the user.
- On USG incidents, the email icon was removed from the header bar on the incident form. This prevents users with the federal role from sending a USG incident and associated information in an email to a user that does not have the federal role.
- On a USG company record, the Parent, Partner, and Support Partner fields list only USG organizations. This ensures that only USG parent or partner organizations can create and view incidents for other USG organizations.
- A new field named USG Incident Management Group has been added to the Product Category record. The new field is used to route USG incidents to USG Support assignment groups.
- HI contains several non-production instances (HIDEV, HITEST, HIQA, and HIUAT), to which ServiceNow employees have varying levels of access to. When HI is cloned over its non-production instances, USG incidents, along with their associated email messages and attachments, are removed. This ensures that ServiceNow employees who do not have the federal role cannot see sensitive USG information on HI non-production instances.
Contacting customer support
For information about contacting ServiceNow customer support and submitting an incident, see Customer Support for United States Government Customers.