The High security plugin sets many secure defaults and enables the use of Access Control Rules.
The High security plugin sets many more secure defaults. It should be activated, but due to its impact the whole instance should be carefully tested afterwards.
Time to fix
See the ServiceNow documentation article: High security settings.
This rule is linked to Common Weakness Enumeration CWE-284 Improper Access Control.