CIs attestation

Release version: Yokohama

Updated January 30, 2025

2 minutes to read

Summarize

Summarized using AI

Summary of CIs attestation

CIs attestation in ServiceNow enables organizations to systematically verify the existence and accuracy of their IT infrastructure and application Configuration Items (CIs) within the CMDB. This process helps maintain CMDB integrity by identifying and removing stale or obsolete CIs that no longer represent actual assets.

Show full answer Show less

The attestation process involves creating policies that define which CIs require verification and how often. Tasks are then assigned to knowledgeable users who can attest to or reject the CIs. Rejected CIs can subsequently be retired, archived, or deleted to keep the CMDB current.

Key Features

Attestation Policies: Defined via the CMDB Data Manager in CMDB Workspace to specify CIs for attestation and set the frequency of verification.
Task Assignment and Management: Attestation tasks are assigned to users familiar with the CIs. Users can access these tasks through the My Work view in CMDB Workspace to review and process them.
Smart Detection and Auto-Attestation: This feature streamlines attestation by automatically identifying CIs eligible for auto-attestation based on recent discovery data. It requires Discovery or Service Graph Connectors to be enabled.
System Properties for Smart Detection: Several system properties control smart detection behavior:
- sncmdbws.attestation.smartdetection.disabled: Enables or disables smart detection (default: enabled).
- sncmdbws.attestation.smartdetection.discoverywindow: Defines the time window (in days) within which CIs must be discovered to qualify for auto-attestation (default: 30 days).
- sncmdbws.attestation.smartdetection.discoverysource.exclusion: Lists discovery sources excluded from smart detection to avoid unreliable data.

Practical Benefits for ServiceNow Customers

Maintains CMDB accuracy by systematically validating CI existence and status.
Improves CMDB data quality by enabling timely removal of outdated CIs.
Reduces manual effort through smart detection and auto-attestation based on recent discovery results.
Allows flexibility in managing attestation policies and task assignments tailored to organizational roles and CI ownership.

Verify the existence of actual IT infrastructure and applications that you own, systematically and in bulk. As CIs are continuously ingested into the CMDB from various data sources, ensure the integrity of the CMDB. Remove any stale CIs that are associated with IT infrastructure or applications that no longer exists.

Use the CMDB Data Manager in CMDB Workspace to create an Attestation policy, specifying CIs that need to be attested and the attestation frequency. Assign Attestation tasks to users that are familiar with or that manage the CIs, and who can attest or reject the IT infrastructure or applications that those CIs represent. Rejected CIs that are no longer needed can then be retired, archived, or deleted from the CMDB.

Users can go to the My Work view in CMDB Workspace to see their assigned attestation tasks, and then review and process the tasks.

Smart detection and auto-attestation

Smart detection streamlines and simplifies CI attestation. With smart detection you can auto-attest CIs that are automatically detected by discovery programs, based only on recent discovery results.

The following conditions must be met to enable smart detection:

Discovery is enabled in your organization or Getting started with Service Graph Connectors are implemented.
The system property sn_cmdb_ws.attestation.smart_detection.disabled is set to false (default value).

In addition, smart detection uses the following system properties as filters when creating a list of CIs that are candidates for auto-attestation. To be included as candidates for auto-attestation, CIs must be discovered:

Within the discovery time window specified by the sn_cmdb_ws.attestation.smart_detection.discovery_window system property (for example, within the last 30 days)
By any discovery source that isn't excluded by the sn_cmdb_ws.attestation.smart_detection.discovery_source.exclusion system property

Then, when you review those candidate CIs, you can choose to auto-attest them.

Properties associated with Attestation


Property	Description
sn_cmdb_ws.attestation.smart_detection.disabled	Disables smart detection. Type: true \| false Default value: false Values: true: Disable smart detection. false: Enable smart detection. Location: Add to System Properties [sys_properties] table. Learn more: Review attestation tasks in CMDB Workspace
sn_cmdb_ws.attestation.smart_detection.discovery_source.exclusion	Comma-separated list of discovery sources that are excluded in smart detection processing. For example, a data source that is unreliable in detecting CIs. CIs discovered by discovery sources in the list, can't be candidates for auto-attestation. Type: string Default value: Manual Entry Location: System property Learn more: Review attestation tasks in CMDB Workspace
sn_cmdb_ws.attestation.smart_detection.discovery_window	Number of days (discovery window) that smart detection uses to determine whether a CI is a candidate for auto-attestation. Only CIs that were discovered within this discovery window can be candidates for auto-attestation. Type: integer Default value: 30 Location: System property Learn more: Review attestation tasks in CMDB Workspace