Exploring Configuration Compliance
Summary of Exploring Configuration Compliance
The ServiceNow® Configuration Compliance application helps you verify and enforce compliance with security and corporate policies by using test results from third-party Secure Configuration Assessment (SCA) integrations. It enables you to identify, prioritize, and remediate non-compliant configuration items efficiently to reduce configuration-related vulnerabilities across your environment. This application is available by subscription in the ServiceNow® Store.
Key Features
- Integration with third-party SCA tools to automatically import policies, tests, authoritative sources, and test results.
- Correlation of policies and tests to configuration items (CIs) in the ServiceNow Configuration Management Database (CMDB) to detect vulnerabilities and verify compliance.
- Automated grouping and routing of configuration findings based on skill sets and responsibilities, supporting streamlined remediation workflows.
- Tight integration with ServiceNow Change Management for smooth hand-offs and creation of pre-populated change requests directly from remediation tasks.
- Dashboards that provide visibility into remediation status, compliance tests, and policy metrics.
- Support for exception management to request and manage exceptions when compliance cannot be met.
- Use of CI Lookup Rules to match imported data to CIs in the CMDB, aiding accurate remediation.
- Ability to create and reconcile CIs using the Identification and Reconciliation Engine (IRE) API to avoid duplicates and maintain authoritative data integrity.
- Automated assignment of test results to remediation groups via configurable assignment rules and remediation task rules, enabling bulk analysis and efficient task management.
- Integration with ServiceNow Governance, Risk, and Compliance (GRC) to roll up configuration tests to GRC controls.
Roles and Users
Configuration Compliance involves various roles such as system administrators, vulnerability administrators, vulnerability managers, analysts, and compliance administrators. Specific roles like sn_vulc.admin, sn_vulc.write, sn_vulc.remediation_owner, and sn_vulc.read control access to read, write, and update capabilities within the application. The remediation owner role is automatically assigned to users with the itil role.
Practical Benefits for ServiceNow Customers
- Accelerate the identification and remediation of critical configuration vulnerabilities through automation and integration.
- Improve collaboration among security, IT, and business teams by unifying configuration assessment and remediation workflows.
- Maintain accurate, authoritative CMDB data to support compliance efforts and reduce duplicate configuration items.
- Leverage change management integration to streamline remediation requiring additional IT resources.
- Gain comprehensive visibility into compliance posture and remediation progress via dashboards and reporting.
Use test results obtained from third-party Secure Configuration Assessment (SCA) integrations to verify compliance with security or corporate policies. Identify, prioritize, and remediate non-compliant configuration items.
| Terminology prior to v14.9 | Terminology v14.9 onwards |
|---|---|
| Test Result Group | Remediation Task |
| Group Rules | Remediation Task Rules |
| Policy | Test group |
What is Configuration Compliance
The ServiceNow® Configuration Compliance application enables you to prioritize and remediate the most critical configuration-related vulnerabilities in your environment quickly and efficiently. Configuration Compliance is available by subscription in the ServiceNow® Store.
Key features of Configuration Compliance
Use the Configuration Management Database (CMDB) in your ServiceNow AI Platform® to help you expose and fix your most critical configuration-related security vulnerabilities. Focus your remediation resources on activities with the greatest risk reduction. Streamline the remediation process across security, IT, and your business process stakeholders. The Configuration Compliance application includes the following key features:
- With supported third-party integrations, automatically import policies, tests, authoritative sources, and technologies. See Configuration Compliance integrations for more information about supported integrations.
- Correlate policies and tests to configuration items (assets) to identify configuration-related vulnerabilities and help you verify that your assets are in compliance with your policies and controls.
- Unify configuration assessment, assignment, and remediation across all of your assets.
- Configuration scanning content can be imported from leading Secure Configuration Assessment (SCA) ecosystem integration applications.
- Configuration findings (test failures) can be grouped and routed automatically based on remediation specialist skill sets and areas of responsibility. Intelligent workflows and tight integration with change management provide smooth task hand-offs between groups.
- When used with the ServiceNow Governance, Risk, and Compliance (GRC) application, configuration tests in Configuration Compliance can be rolled up to their corresponding GRC controls.
- With enhanced change management, create pre-populated change requests for IT directly from Configuration Compliance to help you with your remediation tasks that require additional resources.
- With dashboards, view remediation status metrics on remediation task, compliance test, and policy records.
Who uses Configuration Compliance
- System administrators
- Vulnerability administrators
- Vulnerability managers
- Vulnerability analysts
- Compliance administrators
- sn_vulc.admin — can read, write, delete
- sn_vulc.write — can read and write
- sn_vulc.remediation_owner — can read and update assigned records. Note: The sn_vulc.remediation_owner role is also automatically assigned when any user is assigned the itil role.
- sn_vulc.read — can read
Configuration Compliance and Security Operations
When the Qualys Vulnerability Integration and the Tenable Vulnerability Integration are installed, access to Vulnerability Response becomes available. You can have multiple deployments of these integrations. Data sourced from each deployment is identified and available in a single instance of GRC.
Available versions for Xanadu
| Release version | Release notes |
|---|---|
| Configuration Compliance v15.0, v15.1, v15.2, v15.3, v15.4 | Configuration Compliance release notes. For compatibility information, see KB0856498 Vulnerability Response Compatibility Matrix and Release Schema Changes |