Using the Security Posture Control workspace

  • Release version: Yokohama
  • Updated August 18, 2025
  • 5 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Using the Security Posture Control workspace

    The Security Posture Control (SPC) workspace in ServiceNow enables customers to configure, monitor, and manage imported asset data to assess their overall security posture. It provides tools to identify gaps in security tool coverage, monitor asset compliance, and automate remediation workflows. The workspace is designed for IT and security teams to visualize security insights, manage policies, and track findings effectively.

    Show full answer Show less

    Roles and Access

    • SPC Admin Group: Full read/write access including licensing data, with roles allowing configuration and administration.
    • SPC Analyst Group: Full read/write access excluding licensing information.
    • SPC Analyst Read Only Group: Read-only access excluding licensing information.
    • Supporting roles: Include Configuration Compliance Admin, Vulnerability Response Admin, and MID Server roles needed for related applications and integrations.

    Workspace Modules

    • Home: Displays data visualizations and key insights to report on the security posture.
    • Configured Insights: Allows creation and management of custom data visualizations based on asset data.
    • Asset Search: Enables searching assets with customizable conditions to validate and prepare for policy creation.
    • Asset Profiles: Defines categories of assets for targeted policy application and filtered insights.
    • Policies and Findings: Create, edit, activate policies that audit assets for compliance; findings are reported and mapped for remediation.
    • Connectors and Use Cases Setup: Manage service graph connectors and API integrations to import asset data; configure scenarios to identify tool coverage gaps.
    • Custom Insight Builder: Build tailored visual reports that update based on policy audit results and imported data.

    Identifying Security Tool Gaps

    To detect gaps in security tool coverage, customers should:

    • Set up and activate API connections or Service Graph Connectors for their security tools.
    • Perform targeted asset searches to inventory assets.
    • Activate built-in or custom policies to audit assets against tool coverage.
    • Create configured insights for monitoring identified gaps.
    • Use mitigation controls monitoring to understand threat coverage by existing controls.
    • Automate remediation workflows using Configuration Compliance application rules.

    The SPC product identifies assets lacking reporting from specific security categories and reports these as findings. These findings can be automatically assigned for remediation within Configuration Compliance.

    Creating and Managing Policies

    Customers can create custom policies tailored to their organizational needs, clone existing policies, or edit built-in ones. Policies are essential for auditing assets and generating findings. Detailed guidance and examples are provided within the application documentation to assist in policy creation and activation.

    The Security Posture Control workspace contains the modules you use for configuring, using, and monitoring the imported data about your assets.

    Roles

    SPC Admin Group
    Users in this group have full read and write access to all the records for the product, including licensing information. Granular roles for this group include: [sn_sec_caasm.analyst, sn_sec_caasm.caasm_security_admin, and sn_sec_spc_core.configure].
    SPC Analyst Group
    Users in this group have full read and write access to all the records for the product but cannot view licensing information. Granular roles for this group include [pa_power_user and sn_sec_spc_core.analyst].
    SPC Analyst Read Only Group
    Users in this group have full read access to all the records for the product but cannot view licensing information. Granular roles for this group include [pa_power_user, sn_sec_spc_core.analyst_read, sn_sec_caasm.read, and cmdb_ms_user].
    Supporting application roles
    The following roles are required by the applications that support SPC and Asset Security Posture Management.
    • Configuration Compliance Admin [sn_vulc.admin] - Configures the Configuration Compliance application, has visibility to all records, and can modify properties. Assigns roles in the Configuration Compliance application.
    • Vulnerability Response Admin [sn_vulc.admin] - Configures the Vulnerability Response application and the vulnerability risk calculators.
    • MID Server [mid_server] - Configures a MID Server.

    The modules of the workspace

    To access the workspace, navigate to Workspaces > Security Posture Control The Home (landing page) is displayed. The Security Posture Control workspace contains the following modules.

    Table 1. Modules
    Module Description
    Home

    View data visualizations and other information in the Overview, Key insights, and Key use case coverage sections to help you monitor your assets.

    The information provided on this page permits you to report on the status of your overall security posture to IT, IT and security managers, and other key stakeholders.

    See Key insights and configured insights for Security Posture Control and Policies for Security Posture Control.
    Configured insights

    View the data visualizations about your assets that you create, configure, and activate.

    See Key insights and configured insights for Security Posture Control.
    Asset search

    Quickly search for assets in your environment based on conditions you set.

    Verify that you can locate assets with a set of conditions before you commit those conditions to a policy. You can refine these searches so you get a preview of assets that meet your search criteria. When you are ready, you can save your conditions as a policy.

    See Create an asset search in Security Posture Control.
    Asset profiles

    Create and define asset profiles to monitor different categories of devices with your SPC policies. Incorporate your asset profiles into your policies so you can run policies for specific types of assets. Filter the insights in the Configured Insights dashboard so they are based on your asset profiles.

    See Create an asset profile in Security Posture Control.
    Policies and findings

    Create, clone, edit, and activate policies. There are policies that are included with the application, and you can create your own.

    Policies audit your assets to find matches for potential violations. Insights, visualizations, and use cases depend on policies. See Policies for Security Posture Control.

    Assets that match policy conditions are reported as Findings and are mapped to the Configuration Compliance application for remediation. See View findings for Security Posture Control.
    Connectors and use cases setup

    Activate and view the status of installed service graph connectors (SGC)s and API integrations. Service Graph Connectors and API integrations are sources you use for importing data about your assets.  A wide variety of (SGC)s are supported and are available from the ServiceNow® Store.

    Set up and monitor key use cases. Use cases are different scenarios that you configure to help you identify specific types of tool coverage gaps. Each use case requires a policy or policies to audit your assets for potential violations.

    See Use cases, policy examples, and supported service graph connectors in Security Posture Control.
    Custom insight builder

    Create your own data visualizations. Custom insights provide you with visual reports that are updated by the audit results of your policies and imported data.

    Once you activate them, your custom insights are displayed on the dashboard in the Configured insights module. You can determine where data for an insight is displayed on the dashboard by using Groups.

    See Create and activate a configured insight for Security Posture Control.

    Using the modules of the workspace to identify gaps in tool coverage

    Identifying security tool gaps requires you to perform the following steps.

    1. Set up and activate API connections with any of the tools that you are using in various categories. You can use Service Graph Connectors for products that are available from the ServiceNow Store for the API connections that are required. For more information about the supported service graph connectors, see Service Graph Connectors for Security Posture Control and Service Graph Connectors. Supported service graph connectors are available from the ServiceNow® Store with separate subscriptions.
    2. Perform one or more asset searches based on specific criteria to get an inventory.
    3. Activate the policies shipped with the Security Posture Control application. You can also or create your own policies and activate them based on the results of your asset searches.
    4. Create and activate your own configured insights to help you monitor your assets.
    5. To gain insight into which threats to your assets are mitigated by available mitigation controls based on how various security tools are configured, see Using mitigation controls monitoring with Security Posture Control.
    6. Set up rules to automate the remediation workflow in the Configuration Compliance application.

    Identifying security tool gaps involves the following steps:

    1. Activate the policies shipped with the Security Posture Control application. The Security Posture Control product finds security tool gaps by performing the following tasks:
      1. Identifies the list of all unique assets populated by various Service Graph Connectors in the CMDB.
      2. Identifies assets that are not reported by specific categories from this asset pool, for example, Endpoint Protection. Assets are identified based on the active policy that is being evaluated.
      3. Assets identified as not reported by specific categories are reported as ‘Findings’ or ‘Test Results’ in the Configuration Compliance application.
    2. Automatically assign ‘Findings’ to different teams for remediation with the Configuration Compliance application.

    Creating your own policies

    See Creating your own policies in the Security Posture Control application for more information about how to create your own policies.

    See Create and activate custom policies for Security Posture Control for more information about the steps required to create a policy.

    For example policies, see Examples of base, child, and cloned policies for Security Posture Control.