Operational Technology Vulnerability Response release notes
Summarize
Summarized using AI
This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.
Summary of Operational Technology Vulnerability Response release notes
The ServiceNow® Operational Technology (OT) Vulnerability Response application helps prioritize OT vulnerabilities at the site level. The Xanadu release introduces enhancements focused on firmware vulnerability assessment, improved dashboards, streamlined remediation management, and support for industry standards such as the Common Security Advisory Framework (CSAF). This application is available through the ServiceNow Store and integrates with related ServiceNow solutions to provide a comprehensive OT security management experience.
Show less
Key Features
- Hardware Vulnerability Assessment: Automatically and periodically assess firmware vulnerabilities of OT devices and create vulnerable items against impacted configuration items (CIs) within the Industrial Workspace.
- Enhanced Dashboards:
- OTVR (PA) Dashboard: Centralized management and visualization of OT vulnerability data with new filtering by site and time frame options for remediation metrics.
- OT Vulnerability Risk Rollup Dashboard: Displays risk scores for OT devices at each equipment model level, aiding risk prioritization.
- Dashboard Library Icon: Provides easy access to OT dashboards within the Industrial Workspace.
- Role-Based Remediation Management: The new OT Vulnerability Remediation Owner (snotvr.remediationowner) role enables users to manage assigned remediation tasks and create change tasks as needed.
- Automatic Remediation Scheduling: Remediation tasks can automatically start based on the ISA maintenance schedule, aligning vulnerability fixes with operational downtime.
- CSAF Support: Import vulnerability solutions from multiple vendors using the Common Security Advisory Framework, enhancing solution integration from trusted providers and aggregators.
- Bulk Edit Capabilities: Update assignment groups for multiple site records simultaneously, improving administrative efficiency.
- Compensating Controls: Use the Libraries module to apply compensating controls that mitigate risks for vulnerabilities that cannot be immediately patched, including associating controls to CVEs and disabling risk reductions.
- Exception Management: Defer remediation tasks directly within the Industrial Workspace by requesting exceptions, enabling flexible risk handling.
- User Interface Enhancements: Improved views for vulnerable items, including an Overview tab with critical details and a Vulnerability Solutions section accessible from the Industrial Workspace List menu.
Key Outcomes
- Improved Vulnerability Prioritization: Risk scores at multiple equipment model levels and firmware-specific assessments enable precise vulnerability management tailored to OT environments.
- Streamlined Remediation: Role assignment, automatic scheduling, exception handling, and bulk editing accelerate and simplify remediation workflows.
- Enhanced Visibility and Reporting: Consolidated dashboards and filtering options provide clear, actionable insights into OT vulnerability status and remediation progress.
- Better Integration and Compliance: Support for CSAF and integration with ServiceNow Industrial and Vulnerability Response applications ensure alignment with industry standards and operational data models.
- Operational Efficiency: Aligning remediation tasks with ISA-95 maintenance schedules reduces operational disruptions and improves maintenance planning.
Activation and Integration
The application must be requested and installed from the ServiceNow Store. It integrates with related ServiceNow applications like CMDB CI Class Models, Vulnerability Response, Operational Technology Manager, and Industrial Process Manager to deliver a comprehensive OT vulnerability management solution.
The ServiceNow® Operational Technology Vulnerability Response application enables you to prioritize Operational Technology (OT) vulnerabilities at a site level. Operational Technology Vulnerability Response was enhanced and updated in the Xanadu release.
Operational Technology Vulnerability Response highlights for the Xanadu release
- Assess the vulnerabilities for the firmware of the OT assets with Hardware Vulnerability Assessment.
- View solutions or details of a vulnerable item (VIT) with enhanced UI options.
- Manage your vulnerable items and Operational Technology Vulnerability Response data with the enhanced OTVR (PA) dashboard in the Industrial Workspace.
- View the risk score of your OT devices at each level of the equipment model with the OT Vulnerability Risk Rollup dashboard.
- Change the Operational Technology Vulnerability Response (OT VR) assignment group field for multiple site records at once.
- Use the Common Security Advisory Framework (CSAF) with multiple vendor support when importing solutions from Aggregators or Trusted Providers.
- Manage remediation tasks more efficiently with the OT Vulnerability Remediation Owner (sn_otvr.remediation_owner) role.
- Mitigate controls using the Libraries module in the Industrial Workspace.
- Use the enhanced OTVR (PA) dashboard.
See Operational Technology Vulnerability Response for more information.
Important:
Operational Technology Vulnerability Response is available in the ServiceNow Store. For details, see the "Activation information" section of these release notes.
New in the Xanadu release
- Hardware Vulnerability Assessment menu in the Industrial Workspace
- Automatically and periodically assess the OT device firmware vulnerabilities that are in your inventory and create vulnerable items against the impacted assets (CI).
- Risk scores on the OT Vulnerability Risk Rollup dashboard
- View a table of risk scores for your OT devices at each level of the equipment model with the OT Vulnerability Risk Rollup dashboard.
- Enhanced OTVR (PA) dashboard experience
- View and manage all of your OT vulnerability data and data visualizations in a centralized location with the enhanced OTVR (PA) dashboard, which is accessible on the Dashboard Library page.
- OT Vulnerability Remediation Owner (sn_otvr.remediation_owner) role
- Assign the OT Vulnerability Remediation Owner (sn_otvr.remediation_owner) role to users who primarily work on an assigned remediation task and can create change tasks when needed. The OT Vulnerability Remediation Owner role
contains the following roles:
- cmdb_ot_isa_viewer
- cmdb_ot_viewer
- sn_vul.close_vi_vg
- sn_vul.remediation_owner
- Automatically set a start time for a remediation task based on the ISA maintenance schedule
- Start a remediation task automatically based on the ISA maintenance schedule. After you create the remediation task, it’s picked up during the next scheduled maintenance.
- Common Security Advisory Framework (CSAF) supported for Operational Technology Vulnerability Response
- Use the Common Security Advisory Framework (CSAF) with multiple vendor support when importing solutions from Aggregators or Trusted Providers.
- OTVR (PA) dashboard Guided Setup
- Use the OTVR (PA) dashboard Guided Setup under the Operational Technology Vulnerability Response section in the Industrial Workspace Guided Setup to configure data collection and review indicator sources.
- Change the Operational Technology Vulnerability Response (OT VR) assignment group field in a bulk edit
- Use the bulk edit feature to update the OT VR assignment group field in multiple site records at once.
- Use compensating controls for Operational Technology
- Use compensating controls for OT to reduce vulnerability risks that can't be patched immediately. Compensating controls help mitigate risks.
UI changes
- Dashboard Library icon
- The Dashboard Library icon (
) was added to the Industrial Workspace and contains the available dashboards for Operational Technology, including the OTVR (PA) dashboard. - Site filter on the OTVR (PA) dashboard and the OT Vulnerability Risk Rollup dashboard
- A site filter was added to both the OTVR (PA) dashboard and the OT Vulnerability Risk Rollup dashboard in the Industrial Workspace so you can filter the displayed data by a chosen site.
- Vulnerability Solutions section in the List menu of Industrial Workspace
- A new Vulnerability Solutions section was added in the List menu (
) of the Industrial Workspace. In the Solutions section, you can view the solutions for the enlisted VITs. - Overview tab for a vulnerable item
- The Overview tab in a VIT provides important information about the VIT, such as State, Risk Rating, Risk Score, Associated Vulnerability, and more.
- Libraries module in the Industrial Workspace
- You can use the Library module in the Industrial Workspace to perform the following functions:
- Enable compensating controls
- Associate compensating control to a Common Vulnerability and Exposure (CVE)
- Disable risk reduction on a CVE
- Vulnerable items by state chart in the OT Vulnerabilities tab on the OTVR (PA) dashboard
- The Vulnerable items by state chart in the OT Vulnerabilities tab is organized sequentially by state.
- OTVR (PA) dashboard updates
- The OTVR (PA) dashboard was updated with the following features:
- You can now view data in the OT VIs Met Remediation Target and the OT VI Mean Time to Remediate (MTTR) widgets by the following time frames:
- The last month
- The last 3 months
- The last 6 months
- The last year
- All time
- The OT Remediation Tasks and OT Critical Remediation Tasks Near Due widgets were moved under the Remediation tab.
- The OT Unassigned Vulnerable Items widget was moved under the Overview tab.
- You can select the OT Vulnerable Items (VI) widget under the Overview tab to open a list of vulnerable items.
- The OT Vulnerable Items (VI) and OT Vulnerable Configuration Items (CI) widgets show an OT class-level breakdown.
- You can now view data in the OT VIs Met Remediation Target and the OT VI Mean Time to Remediate (MTTR) widgets by the following time frames:
- Support for Exception Management for remediation tasks in the Industrial Workspace
- Use Exception Management for remediation tasks to defer vulnerable items. You can defer a remediation task by selecting the Request Exception button in a remediation record in the Industrial Workspace.
Changed in this release
- OT Vulnerabilities tab data
- The following data that was available in the OT Vulnerabilities tab of the OT Manager dashboard has been moved to the OTVR (PA) dashboard:
- Total OT Vulnerable Items
- New OT Vulnerable Items
- OT Unassigned Vulnerable Items
- OT Vulnerable Items by State
- OT Vulnerable Items by Risk Rating
Deprecations
- The OT Vulnerabilities tab is no longer available on the OT Manager dashboard in the Industrial Workspace.
- Starting with the Xanadu release, Vulnerability Response Integration with Microsoft Defender for IoT (On-premises Management Console) integration is being prepared for future deprecation. It will be hidden and no longer activated on new instances but will continue to be supported.
Activation information
Install Operational Technology Vulnerability Response by requesting it from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.