0
15.4.8
Zurich, Yokohama, Xanadu
Configuration Compliance exposes configuration-related security vulnerabilities that have the highest impact on business operations. It streamlines the remediation process across frequently isolated information security, IT operations, and business process stakeholders.
The Configuration Compliance application includes the following capabilities:
- Using the Tenable.io integration with Configuration Compliance (CC), identify configuration-related vulnerabilities on your assets to verify that your assets are in compliance with your policies and controls.
- Secure Configuration Assessment (SCA) ecosystem integration - ServiceNow Configuration Compliance unifies configuration assessment, assignment, and remediation across all of your assets. Configuration scanning content can be imported from leading SCA applications such as Qualys Policy Compliance (PC) and Tenable.io.
- Asset-centric prioritization - Focus your limited remediation resources on activities with the greatest risk reduction.
- Remediation workflow orchestration - Configuration findings can be grouped and routed based on remediation specialist skill set and areas of responsibility. Intelligent workflows and tight integration with change management provides smooth task handoffs between groups.
- Continuous monitoring for ServiceNow Governance, Risk, and Compliance (GRC) risk assessment and policy compliance - When CC is used with ServiceNow GRC, the configuration tests in Configuration Compliance can be rolled up to their corresponding GRC controls in ServiceNow GRC.
- Enhanced change management - Create pre-populated change requests for IT directly from Configuration Compliance to help you with your remediation tasks that require additional resources.
- Dashboards - View the remediation status metrics on the remediation tasks, compliance tests, and policy records.
- Fixed :
- The Reopen UI action is now compatible with the upgraded plugin (V15.3.3), ensuring proper functionality when reopening compliance records.
- Justification notes from Configuration Compliance remediation task exception requests are now correctly populated into corresponding fields in change approval records.
- The system now correctly identifies and processes relevant approval states, preserving unaffected approvals during workflow changes.
- Configuration Compliance remediation tasks now return to their previous state when level two approvals are cancelled, instead of being set to "Deferred".
- Compliance test results now accurately reflect the status of CIs. Results stay closed for retired or decommissioned CIs, and reopen automatically with new scanner results if the CI is reactivated.
- The Configuration Compliance application and its dependency plugins must be installed and activated.
- For more information on the Vulnerability Response and Configuration Compliance applications compatibility, see Vulnerability Response Compatibility Matrix and Release Schema Changes in the Supporting Links and Docs section on this page.
- The following Security Operations apps must be installed and activated:
- Security Integration Framework
- Security Support Common
- The Qualys Vulnerability Integration and the Tenable.io product in the Tenable Vulnerability Integration can be used with the Configuration Compliance.
- For more information about these integrations and their compatibility with Configuration Compliance, see Vulnerability Response Compatibility Matrix and Release Schema Changes in the Supporting Links and Docs section on this page.
- Permissions and roles:
- Roles required:
- System Admin (admin) for installation
- Configuration Compliance Admin (sn_vulc.admin) or admin for configuration
- Roles required: