0
30.1.4
Zurich, Yokohama, Xanadu, Washington DC, Vancouver, Utah
Note:
This app version is intended for Unified Security Exposure Management (USEM), a significant architectural upgrade to the Vulnerability Response applications.
If you are currently using Vulnerability Response and upgrading to USEM for the first time, you must use the Migration assistant for Unified Security Exposure Management to ensure a safe and successful upgrade. For full details, please refer to the KB2556844 and documentation before proceeding.
If you do not intend to upgrade to USEM, please select a version below 30.x when installing or upgrading.
Configuration Compliance exposes configuration-related security vulnerabilities that have the highest impact on business operations. It streamlines the remediation process across frequently isolated information security, IT operations, and business process stakeholders.
The Configuration Compliance application includes the following capabilities:
- Using the Tenable.io integration with Configuration Compliance (CC), identify configuration-related vulnerabilities on your assets to verify that your assets are in compliance with your policies and controls.
- Secure Configuration Assessment (SCA) ecosystem integration - ServiceNow Configuration Compliance unifies configuration assessment, assignment, and remediation across all of your assets. Configuration scanning content can be imported from leading SCA applications such as Qualys Policy Compliance (PC) and Tenable.io.
- Asset-centric prioritization - Focus your limited remediation resources on activities with the greatest risk reduction.
- Remediation workflow orchestration - Configuration findings can be grouped and routed based on remediation specialist skill set and areas of responsibility. Intelligent workflows and tight integration with change management provides smooth task handoffs between groups.
- Continuous monitoring for ServiceNow Governance, Risk, and Compliance (GRC) risk assessment and policy compliance - When CC is used with ServiceNow GRC, the configuration tests in Configuration Compliance can be rolled up to their corresponding GRC controls in ServiceNow GRC.
- Enhanced change management - Create pre-populated change requests for IT directly from Configuration Compliance to help you with your remediation tasks that require additional resources.
- Dashboards - View the remediation status metrics on the remediation tasks, compliance tests, and policy records.
Changed:
- Standardized the data model and modularized feature sets across Vulnerability Response (VR) to support Unified Security Exposure Management (USEM).
- The Configuration Compliance application and its dependency plugins must be installed and activated.
- For more information on the Vulnerability Response and Configuration Compliance applications compatibility, see Vulnerability Response Compatibility Matrix and Release Schema Changes in the Supporting Links and Docs section on this page.
- The following Security Operations apps must be installed and activated:
- Security Integration Framework
- Security Support Common
- Security Exposure Management (requires entitlement from the store)
- The Qualys Vulnerability Integration and the Tenable.io product in the Tenable Vulnerability Integration can be used with the Configuration Compliance.
- For more information about these integrations and their compatibility with Configuration Compliance, see Vulnerability Response Compatibility Matrix and Release Schema Changes in the Supporting Links and Docs section on this page.
- Permissions and roles:
- Roles required:
- System Admin (admin) for installation
- Configuration Compliance Admin (sn_vulc.admin) or admin for configuration
- Roles required: