Understanding Configuration Compliance Use test results obtained from third-party SCA integrations to verify compliance with security or corporate policies by identifying and remediating non-compliant configuration items. What is Configuration Compliance With Configuration Compliance you can do the following: Automatically import policies, tests, authoritative sources, and technologies Automatically correlate policies and tests to configuration items Analyze test results Remediate non-compliant configuration items Who uses Configuration Compliance Configuration Compliance activities can involve many levels of management. System administrators Vulnerability administrators Vulnerability managers Vulnerability analysts Compliance administrators Configuration Compliance tasks involve the following roles. sn_vulc.admin — can read, write, delete sn_vulc.write — can read and write sn_vulc.read — can read Configuration Compliance and Security Operations Configuration Compliance works with third-party SCA scanner applications and integrates with Governance, Risk, and Compliance (GRC) for continuous monitoring. When the Qualys Vulnerability Integration is installed, access to Vulnerability Response becomes available. GRC is available as a separate subscription.