Tables

Australia Governance, Risk, and Compliance

Release

australia

ft:locale

pt-BR

ft:publication_title

Australia Governance, Risk, and Compliance

ft:clusterId

grc

bundleId

grc

workflow

Technology

NIST CSF tables

Versão de lançamento: Australia

Atualizado 16 de jun. de 2026

2 min. de leitura

A few tables are impacted by the NIST CSF guidance.


Table	Purpose
Target [sn_grc_target]	Target is a core table of design to be shared component among the ServiceNow GRC application and GRC use-case content packs.Target is like entity in its purpose, but is used to track any attributes specific to use-case content packs. No two target records can reference the same entity at any time.
NIST CSF Activity [sn_irm_nist_csf_nist_csf_activity]	NIST CSF Activity table is used to track cybersecurity activity relevant for a target. The activity also helps in performing gap analysis that identifies the gaps, non-complaint controls, risks, issues, failed indicators and action plans for a cybersecurity activity.
Gaps [sn_irm_nist_csf_m2m_policy_state_nist_csf_act]	Gaps table in NIST CSF is used to track control objectives that aren’t yet implemented as gaps. This table comes handy for reporting and drill down purposes. It's an m2m table that associates Gaps to Targets.
Non-compliant Control [sn_irm_nist_csf_m2m_cxontrols_nist_csf_act]	Non-compliant Control table in NIST CSF is used to track controls that are identified as non-compliant. Only cybersecurity control objectives as defined by the framework core which are implemented as controls and non-compliant are tracked. This table comes handy for reporting and drill down purposes. It's an m2m table that associates Non-compliant Controls to Targets.
Risk [sn_irm_nist_csf_m2m_risks_nist_csf_activities]	Risk table in NIST CSF is used to track risks that are associated with controls that have been implemented for cybersecurity control objectives as defined by the framework core. This table comes handy for reporting and drill down purposes. It's an m2m table that associates Risks to Targets.
Issue [sn_irm_nist_csf_m2m_issues_nist_csf_act]	Issue table in NIST CSF is used to track issues that are associated with controls that have been implemented for cybersecurity control objectives as defined by the framework core. Issues of risks associated with these controls are also included in the metric. This table comes handy for reporting and drill down purposes. It's an m2m table that associates Issues to Targets.
Action Plan [sn_irm_nist_csf_m2m_remediation_nist_csf_act]	Action Plan table in NIST CSF is used to track the action plans that are identified for the issues. This table comes handy for reporting and drill down purposes. It's an m2m table that associates Action Plans (remediation tasks) to Targets.
Failed Indicators [sn_irm_nist_csf_m2m_indicators_nist_csf_act]	Failed indicators table in NIST CSF is used to track the failed indicators of the target and the control or risk. This table comes handy for reporting and drill down purposes. It's an m2m table that associates Failed Indicators to Targets.
Related Control Objectives [sn_compliance_m2m_policy_stmt_policy_stmt]	Related Control Objectives table in NIST CSF is used to track the associations between control objectives. In base implementation, parent and child control objectives are supported, but this table introduces a concept to relate the control objectives at the same level.