Configuration Compliance release notes

ServiceNow® Configuration Compliance is a new application in the Kingston release.

Configuration Compliance is a Secure Configuration Assessment (SCA) application that exposes your highest-impact configuration-related security vulnerabilities. Configuration Compliance aggregates scan results from integrations with scanning applications, such as Qualys Cloud Platform. You can prioritize configuration compliance issues using the Configuration Management Database (CMDB). Configuration Compliance integrates tightly with the IT change management process to remediate non-compliant configurations.

Configuration Compliance features

Third-party integration

Unify your configuration assessment and remediation across all your IT assets.

Import configuration scanning content from leading configuration scanning applications, such as Qualys Policy Compliance (PC).

Use the comprehensive ServiceNow platform integration capabilities to incorporate and normalize custom configuration information from other sources specific to your environment.

You have one place for configuration management across your on-prem, cloud, virtual, mobile, IoT, and other IT assets.

Asset-centric prioritization

Periodic vulnerability and configuration scans can produce an overwhelming number of findings. Prioritize findings to reduce your greatest risks using business context for the affected IT assets.

You can create custom risk calculators to elevate or reduce the priority of a finding based on characteristics stored for your assets in the CMDB.

Depending on your environment, you may include:
  • dependent applications
  • business services
  • affected users
  • deployment phase
  • data classification
  • exposure to untrusted networks
  • other characteristics stored for the asset in the CMDB

Remediation workflow orchestration

Bring your configuration content into a structured response engine. Configuration findings can be grouped and routed based on remediation stakeholder skill set and area of responsibility.

Intelligent workflows and tight integration with change management provide smooth task hand-offs between groups.

With Configuration Compliance running on the same platform as IT, security analysts and IT remediation teams can work together to resolve issues quickly.

Advanced reporting

Put the power of your compliance data in the hands of those responsible for secure and successful service delivery.

Segment highly customizable, real-time dashboards by the unique IT asset attributes maintained in your CMDB, exposing the assets and data that are most at risk. You can pinpoint areas for performance improvement and act on them using key indicators, time charts, and drill-downs.

Create and share security scorecards for your critical application areas. All business stakeholders can see where they stand among their peers, helping you promote a shared responsibility model for information security.

Continuous monitoring for GRC assessment and policy

Monitor configuration policies automatically and continuously for Governance, Risk, and Compliance (GRC), and ensure that IT policy adheres to regulatory compliance obligations and enterprise risk management, without requiring significant GRC and IT Security overhead.

Use Configuration Compliance with the ServiceNow® GRC application suite to roll up configuration tests in Configuration Compliance to the corresponding GRC controls. GRC control compliance can then be automatically and continuously calculated from configuration scan results across all in-scope assets.

This feature greatly improves compliance and risk visibility with a significant reduction in manual effort.

Activation information

Activate the Configuration Compliance [com.snc.vulc] plugin and configure it based on the needs of your organization. This plugin is available as a separate subscription.


Configuration Compliance can process scan data from various sources.

The Qualys Cloud Platform plugin for Vulnerability Response has been extended to import Qualys PC content and scan results into ServiceNow Configuration Compliance. Plugins that support other configuration scanning applications, such as those from Tenable, Rapid7, and Tripwire, may exist. See the ServiceNow Store for available plugins, or consult your scanning application representative for availability.

See Configuration Compliance for more information.