SNOW-29.1: Domain Separation Drift (Missing sys_domain)

🔴 High · ServiceNow Domain Separation

Detects GlideRecordSecure queries in agent-facing scripts that lack sys_domain constraints. In domain-separated instances, omitting the domain filter allows cross-tenant data access even when ACLs pass.

Details

Field	Value
Rule ID	SNOW-29.1
Severity	High
Category	ServiceNow Domain Separation
Platforms	servicenow
Compliance	SOC2_CC6, NIST_AI_RMF

Remediation

Refer to the SquireX documentation for remediation guidance specific to SNOW-29.1.

See Also

• Rule catalog index
• SquireX scan documentation