Asset Security Posture Management release notes

  • Release version: Store
  • Updated June 11, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Asset Security Posture Management release notes

    The Asset Security Posture Management (ASPM) application on the ServiceNow Store helps you inventory enterprise assets and identify security coverage gaps. It integrates vulnerability data from third-party tools to provide visibility into high-risk security lapses across your assets. The application evolves regularly with new features, fixes, and security improvements to enhance asset security posture management within ServiceNow.

    Show full answer Show less

    Key Features

    • Asset inventory and security coverage: Provides a comprehensive view of enterprise assets and highlights missing security controls such as endpoint protection agents.
    • Policies and custom insights: Enables activation of built-in or custom policies to audit assets, create custom insights dashboards, and visualize data using charts, trends, and match counts.
    • Integration with security connectors: Supports connectors such as Service Graph Connector for Tenable and XM Cyber, as well as mitigation controls sources like AWS Web Application Firewall (WAF).
    • Policy builder enhancements: Allows querying assets based on specific criteria such as first seen timestamp, reported sources, model name, and logon activity within a configurable timeframe.
    • Improved data filtering and organization: Includes features like asset profile-based filtering, filtering out retired assets from insights, and grouping custom insights for better report organization.
    • Security and upgrade improvements: Updates Access Control Lists (ACLs) to align with ServiceNow Platform Security guidance and prevents update set conflicts among Security Operations plugins.

    Key Outcomes

    • Gain clear visibility into your asset inventory and security tool coverage gaps to reduce risk exposure.
    • Leverage integrated vulnerability data and robust policy controls to audit asset security posture effectively.
    • Create actionable insights and visual reports tailored to your enterprise’s specific security needs.
    • Maintain compliance with internal security directives via automatic ACL and security updates during upgrades without losing customizations.
    • Benefit from continuous enhancements and fixes that improve accuracy, filtering, and user experience in managing asset security posture.

    Version history for the Vulnerability Response Asset Security Posture Management application on the ServiceNow Store.

    Important:
    For details on system requirements and family compatibility, view the application listing on the ServiceNow Store website.

    Version history

    Version 5.5.2 - June 2026
    • The following enhancements and changes support internal security directives. These changes are applied automatically upon upgrade and your customizations on impacted Access Control Lists (ACLs) are preserved:
      • Updated query ACLs for the Asset Security Posture Management (CAASM) tables to align with ServiceNow Platform Security guidance.
      • Renamed the read-only fix script to a per-plugin name to prevent update set conflicts with other Security Operations plugins.
    Version 5.5.1 - December 2025
    New: The Service Graph Connector for XM Cyber (XM Cyber SGC) is supported in Security Posture Control.
    Version 5.3.5 - August 2025
    Fixed: Asset profile-based filtering in custom insights.
    Version 5.3.4 - May 2025
    • New:
      • Supporting changes for Amazon Web Services (AWS) Web Application Firewall (WAF) as a mitigation controls source.
      • Supporting changes for the asset profiles feature introduced for SPC policies.
    Version 5.3.2 - February 2025
    • Fixed:
      • Retired assets are filtered out from key insights.
      • The logic for use cases on the Connectors and Dashboard pages.
      • Conditions for policies that are included with the application.
    Version 5.1.2 - December 2024
    Fixed: The "With IRM Exception" connection in policy builder now renders the properties properly.
    Version 4.0.0 - August 2024
    New: Added Groups to custom insights that organize your reports on the Configured insights dashboard.
    Version 3.0.3 - June 2024
    Fixed: The 'with-connector-data' connection filters for the applicable classes.The class filter evaluates base and child policy conditions for the list of supported classes.
    Version 3.0.2 - May 2024
    • New:
      • Improvements to the policy builder:
        • Select the Reported only by Connection to monitor assets that are reported from a few specific asset sources but not by any other sources.
        • Select the First seen timestamp with the With CMDB Metadata Connection to look for assets that were first discovered within a given timeframe.
        • Select Model name to query devices for specific model information to help you with security control coverage.
        • Select 'Within the last n days' and type in a number of days up to 30. For example, you can monitor assets with last logon data from Active Directory in last 3 days.
    Version 2.0.2 - March 2024
    • Fixed:
      • Updates to support the base policies for the Service Graph Connector for Tenable.
      • Minor issues with dashboard widgets and drill-down logic on the Home page in the Security Posture Control Workspace.
      • Staging table entries are created for policies that don't perform a CMDB query as expected.
    Version 2.0.0 - February 2024
    • New:
      • Activate policies included with the application and start auditing your assets with key use cases.
      • View your asset inventory for the enterprise on the Home page in the workspace.
      • Use your own policies or the policies included with the application to create custom insights.
      • Use the supported custom insight widgets to create the following types of visualizations on the Custom insights dashboard:
        • Comparison charts.
        • Policy Match counts.
        • Policy match percentages.
        • Policy match trends.
    Version 1.0.1 - August 2023 (Vancouver)
    Initial release: This plugin provides you with an inventory of your enterprise assets and identifies their security tool coverage gaps. Assets identified as missing endpoint protection agents, for example, are associated with vulnerability data from third-party vulnerability assessment tools to give you visibility into combinations of the high-risk security lapses on your enterprise assets.