Exploring Configuration Compliance
Summary of Exploring Configuration Compliance
The ServiceNow® Configuration Compliance application helps organizations quickly identify, prioritize, and remediate critical configuration-related security vulnerabilities by leveraging test results from third-party Secure Configuration Assessment (SCA) integrations. It ensures your assets comply with security and corporate policies by correlating policies and tests to configuration items in your Configuration Management Database (CMDB).
Note that starting with version 14.9, terminology within the application has been updated to better reflect remediation tasks and policy groupings.
Key Features
- Third-party Integration: Automatically import policies, tests, and scanning content from supported SCA ecosystem integrations to streamline configuration assessments.
- Correlation and Compliance Verification: Map policies and tests to assets to identify vulnerabilities and verify compliance status.
- Unified Remediation: Consolidate configuration assessment, assignment, and remediation processes across all assets.
- Automated Grouping and Routing: Group configuration findings and route remediation tasks automatically based on specialist skill sets and responsibilities.
- Intelligent Workflows: Seamless integration with change management supports smooth task hand-offs and enables pre-populated change requests for remediation efforts requiring additional IT resources.
- Governance, Risk, and Compliance (GRC) Integration: Configuration tests can roll up to GRC controls for comprehensive risk management.
- Dashboards and Metrics: Visualize remediation status through dashboards showing metrics on remediation tasks, compliance tests, and policy records.
Who Uses Configuration Compliance
The application is used by various roles involved in configuration and vulnerability management, including system administrators, vulnerability administrators, managers, analysts, and compliance administrators. Specific roles control access levels:
- sn_vulc.admin: Full read, write, and delete access.
- sn_vulc.write: Read and write access.
- sn_vulc.remediation_owner: Read and update access on assigned records; automatically assigned with the itil role.
- sn_vulc.read: Read-only access.
Integration with Vulnerability Response
When Qualys or Tenable Vulnerability Integrations are installed, Configuration Compliance data integrates with Vulnerability Response, enabling consolidated vulnerability management within a single GRC instance even across multiple deployments.
Version and Setup
The Yokohama release includes Configuration Compliance versions 15.2, 15.3, and 15.4. For installation, activation, and compatibility details, customers should refer to official release notes and knowledge base articles.
Use test results obtained from third-party Secure Configuration Assessment (SCA) integrations to verify compliance with security or corporate policies. Identify, prioritize, and remediate non-compliant configuration items.
| Terminology prior to v14.9 | Terminology v14.9 onwards |
|---|---|
| Test Result Group | Remediation Task |
| Group Rules | Remediation Task Rules |
| Policy | Test group |
What is Configuration Compliance
The ServiceNow® Configuration Compliance application enables you to prioritize and remediate the most critical configuration-related vulnerabilities in your environment quickly and efficiently. Configuration Compliance is available by subscription in the ServiceNow® Store.
Key features of Configuration Compliance
Use the Configuration Management Database (CMDB) in your ServiceNow AI Platform® to help you expose and fix your most critical configuration-related security vulnerabilities. Focus your remediation resources on activities with the greatest risk reduction. Streamline the remediation process across security, IT, and your business process stakeholders. The Configuration Compliance application includes the following key features:
- With supported third-party integrations, automatically import policies, tests, authoritative sources, and technologies. See Configuration Compliance integrations for more information about supported integrations.
- Correlate policies and tests to configuration items (assets) to identify configuration-related vulnerabilities and help you verify that your assets are in compliance with your policies and controls.
- Unify configuration assessment, assignment, and remediation across all of your assets.
- Configuration scanning content can be imported from leading Secure Configuration Assessment (SCA) ecosystem integration applications.
- Configuration findings (test failures) can be grouped and routed automatically based on remediation specialist skill sets and areas of responsibility. Intelligent workflows and tight integration with change management provide smooth task hand-offs between groups.
- When used with the ServiceNow Governance, Risk, and Compliance (GRC) application, configuration tests in Configuration Compliance can be rolled up to their corresponding GRC controls.
- With enhanced change management, create pre-populated change requests for IT directly from Configuration Compliance to help you with your remediation tasks that require additional resources.
- With dashboards, view remediation status metrics on remediation task, compliance test, and policy records.
Who uses Configuration Compliance
- System administrators
- Vulnerability administrators
- Vulnerability managers
- Vulnerability analysts
- Compliance administrators
- sn_vulc.admin — can read, write, delete
- sn_vulc.write — can read and write
- sn_vulc.remediation_owner — can read and update assigned records. Note: The sn_vulc.remediation_owner role is also automatically assigned when any user is assigned the itil role.
- sn_vulc.read — can read
Configuration Compliance and Security Operations
When the Qualys Vulnerability Integration and the Tenable Vulnerability Integration are installed, access to Vulnerability Response becomes available. You can have multiple deployments of these integrations. Data sourced from each deployment is identified and available in a single instance of GRC.
Available versions for Yokohama
| Release version | Release notes |
|---|---|
| Configuration Compliance v15.2, 15.3, 15.4 | Configuration Compliance release notes. For compatibility information, see KB0856498 Vulnerability Response Compatibility Matrix and Release Schema Changes. See Setting up, installing, and configuring the Configuration Compliance application for more information about activating the application. |