View Configuration Compliance tests

Use this module to research detailed information about these tests. Included are the expert source citations that were used when creating them, the third-party configuration policies in which they are used, and the results obtained from the scan.

Before you begin

Role required: sn_vulc.admin

Procedure

  1. Navigate to Configuration Compliance > Controls.
  2. Open the control you want to view.
    Table 1. Configuration Compliance test form fields

    | Field | Description |
    |---|---|
    | Number | Number assigned to the control during the import process. |
    | Source | System name of the third-party integration application, or the name entered in the plugin for the API that is used to communicate with Configuration Compliance. |
    | Source ID | Identifier assigned to the control by the third-party integration. |
    | Result | Status of the scan. Pass or Fail. If this test belongs to multiple test result groups, then its state is determined following an order of precedence. |
    | Criticality | Severity of the configuration issue or issues associated with the control as defined in the third-party integration. The level of criticality is adjusted to match the granularity of similar vulnerability indicators available in Vulnerability Response. The possible levels are: Critical: The configuration issue associated with the control is causing a disruption to one or more business-critical CIs. High: The configuration issue associated with the control is a threat, but is not causing a shutdown of critical network resources. Moderate: The configuration issue associated with the control is a risk, but is not an immediate threat. Low: The configuration issue associated with the control is a low-level threat and can be ignored in favor of CIs that are at greater risk. Minor: The configuration issue associated with the control is a minor risk and can be ignored if necessary. |
    | Category | Major classification category given to this type of control by the third-party vendor. |
    | Sub-category | Sub-category assigned to this class of test by the third-party vendor. |
    | Technologies | List of technologies covered by this test. |
    | Source created | Date the test was first defined in the third-party integration. |
    | Source updated | Date the test was last updated in the third-party integration. |
    | Short description | Summary description or title entered or assigned to the test in the third-party integration. |
    | Description | Long description of the test. For the Qualys Vulnerability Integration, this field defaults to the contents of the Qualys Cloud Platform cover page. |
    | Remediation | Instructions describing how to remediate the non-compliance. |
    | Related Tabs | |
    | Citations | List of citations entered for each authoritative source associated with the test. |
    | Policies | List of Configuration Compliance policies that use this test. |
    | Test Results | List of CIs affected by the configuration issue or issues associated with this test. You can access individual tests, ServiceNow configuration items, or the list of affected technologies, if necessary. |
    | GRC Policy Statements | If the GRC Policy and Compliance Management plugin is installed, this tab contains the related GRC policy. You can edit this list to add or remove policy statements. For more information, see Continuous monitoring for GRC assessment and policy |