GRC: NIST CSF Use Case Accelerator release notes

Release version: Store

Updated June 11, 2026

2 minutes to read

Summarize

Summarized using AI

Summary of GRC: NIST CSF Use Case Accelerator release notes

The GRC: NIST CSF Use Case Accelerator is a ServiceNow application designed to streamline governance, risk, and compliance activities aligned with the NIST Cybersecurity Framework (CSF). The release notes detail version history, highlighting new features, fixes, and improvements that enhance security controls, access management, content updates, and user experience within the ServiceNow platform.

Show full answer Show less

Key Features and Enhancements

Query Range ACL Enhancements (Version 22.3.1, June 2026): Introduction of standardized query range security ACLs across all tables ensures consistent access control for authenticated users with proper read permissions. Upgrades to these ACLs are automated, requiring no manual administrator intervention, though customized ACLs should be reviewed post-upgrade.
Control Objective Workflow Enhancements (Version 22.0.1, March 2026): Business workflows are now restricted to current version control objective records only, preventing draft objectives from being improperly associated with NIST CSF activities.
Activation of GRC Choices (Version 21.1.0, December 2025): New capability allows administrators to activate or deactivate GRC choices used in the accelerator via an 'Active' field for better configuration control.
NIST CSF 2.0 Content Added (Version 19.0.1, August 2024): The application now includes updated NIST CSF 2.0 content such as authority documents, citations, policies, and control objectives to stay current with industry standards.
Dashboard Migration (Version 18.1.0, June 2024): Dashboards have been migrated to the Analytics workspace, improving visualization and reporting capabilities within the platform.
Role and Permission Fixes: Various fixes to role permissions, including preventing unauthorized creation or updates by specific roles and ensuring license tracking for key roles like Risk Executive and Security Officer.

Maintenance and Compatibility

Localization and UI issues have been addressed to ensure consistent user experience.
The application maintains compatibility starting from the Madrid release family and continues to support current and prior ServiceNow platform versions.
Installation size has been optimized for efficiency.
Internal plugin naming and default access controls have been updated to align with ServiceNow best practices.

Practical Impact for ServiceNow Customers

Customers leveraging the GRC: NIST CSF Use Case Accelerator can expect improved security control enforcement, streamlined upgrade processes with minimal disruption, and up-to-date NIST CSF content aligned with the latest standards. The standardized access controls and enhanced workflow restrictions help maintain data integrity and compliance rigor. Administrators gain greater flexibility managing GRC choices and roles, while upgraded dashboards facilitate better risk and compliance insights. Reviewing customized ACLs after upgrades ensures continued adherence to organizational policies.

Version history for the GRC: NIST CSF Use Case Accelerator Use Case Accelerator on the ServiceNow Store.

Important:

For details on system requirements and family compatibility, view the application listing on the ServiceNow Store website.

Version history

Version 22.3.1 - June 2026 (Australia)

New:
- Query range ACLs include the following enhancements:
  - Consistent access control — All tables include standardized query range security ACLs. These ACLs ensure that authenticated users with appropriate read permissions can query records consistently across the platform.
  - Seamless upgrade experience — New query ACL rules are installed automatically during upgrade, with no administrator action required. Automated upgrade scripts handle the transition, including detecting and processing previously customized ACLs to ensure existing processes continue without interruption.
Post-upgrade review for customized ACLs: If the instance includes administrator-modified query range ACLs, review those records after upgrade to confirm they align with the intended access policy.

Version 22.0.1 - March 2026

Changed:
- Allow business workflow on control objective current version records only
- Prevent association of control objectives which are working drafts to NIST CSF activity objects in the Gap table
- Updated control objective content records with record nature field as Current version and state as published

Version 21.1.0 - December 2025 (Zurich)

New: GRC choices used for the NIST CSF Use Case Accelerator can be activated or deactivated with the new Active field.

Version 20.1.1 - May 2025

Fixed: Control provider role was able to create and update Orient targets.

Version 20.0.0 - February 2025

Fixed:
- Localization issues
- More than one Target without entity

Version 19.0.1 - August 2024

New: Added NIST CSF 2.0 content - authority document, citations, policies, and control objectives.

Version 18.1.0 - June 2024

New: Migrated dashboards to Analytics workspace.

Version 18.0.1 - February 2024

Fixed: On the risk statements, source is showing incorrect value.

Version 17.0.0 - August 2023

Fixed: Cleaned up auto generated business rules as the functionality is already handled.

Version 16.0.2 - February 2023

Fixed:
- Enabled license tracking for Risk executive, Security officer, User, and Control provider roles.
- Access controls for viewing reports.
- Reduction in installation size of the application.

Version 14.1.3 - March 2022

Changed: Support for multiple controls

Version 11.0.0 - October 2020

Changed: Enabled report_view_acl by default

Version 10.1.0 - June 2020

Changed: The internal plugin name has been changed

Version 9.0.1 - November 2019

This application was released for the Madrid family release and is still compatible with New York.

Version 7.0.1 - May 2019

Initial release to the ServiceNow Store.