0
30.3.4
Australia, Zurich, Yokohama Patch 6, Yokohama, Xanadu Patch 9, Xanadu
Standalone Application
Note:
This app version is intended for Unified Security Exposure Management (USEM), a significant architectural upgrade to the Vulnerability Response applications.
If you are currently using Vulnerability Response and upgrading to USEM for the first time, you must use the Migration assistant for Unified Security Exposure Management to ensure a safe and successful upgrade. For full details, please refer to the KB2556844 and documentation before proceeding.
If you do not intend to upgrade to USEM, please select a version below 30.x when installing or upgrading.
Configuration Compliance exposes configuration-related security vulnerabilities that have the highest impact on business operations. It streamlines the remediation process across frequently isolated information security, IT operations, and business process stakeholders.
The Configuration Compliance application includes the following capabilities:
- Using the Tenable.io integration with Configuration Compliance (CC), identify configuration-related vulnerabilities on your assets to verify that your assets are in compliance with your policies and controls.
- Secure Configuration Assessment (SCA) ecosystem integration - ServiceNow Configuration Compliance unifies configuration assessment, assignment, and remediation across all of your assets. Configuration scanning content can be imported from leading SCA applications such as Qualys Policy Compliance (PC) and Tenable.io.
- Asset-centric prioritization - Focus your limited remediation resources on activities with the greatest risk reduction.
- Remediation workflow orchestration - Configuration findings can be grouped and routed based on remediation specialist skill set and areas of responsibility. Intelligent workflows and tight integration with change management provides smooth task handoffs between groups.
- Continuous monitoring for ServiceNow Governance, Risk, and Compliance (GRC) risk assessment and policy compliance - When CC is used with ServiceNow GRC, the configuration tests in Configuration Compliance can be rolled up to their corresponding GRC controls in ServiceNow GRC.
- Enhanced change management - Create pre-populated change requests for IT directly from Configuration Compliance to help you with your remediation tasks that require additional resources.
- Dashboards - View the remediation status metrics on the remediation tasks, compliance tests, and policy records.
New
- Added configurable uniqueness keys for compliance test ingestion to prevent results from being overwritten when multiple tests share the same control identifier.
- Added system property management to the Advanced Settings page in the workspace.
- Added a Users and Groups list view to the workspace Admin console.
- Added support for mapping a single finding to a single remediation task for more granular tracking and remediation.
Changed
- Updated bulk deferral to validate that selected items are not already deferred, preventing duplicate actions and unintended field updates.
- Improved exception management in the risk reduction and questionnaire workflow.
- Updated remediation plans to display plan details after submission.
- Updated the Advanced Settings page to display error message notifications.
Fixed
- Fixed custom date formats (for example, MM‑dd‑yyyy, dd/MM/yyyy) not being processed when requesting exception rule extensions or creating changes from remediation tasks.
- Fixed remediation status on compliance test results incorrectly changing when no actual result update occurred.
- Fixed duplicate compliance integration records being created during instance deployment.
- Fixed remediation task rules incorrectly setting the assignment type to Manual instead of Rule.
- Fixed the Opened by field appearing empty on remediation tasks created from the workspace.
- Fixed duplicate remediation tasks being created for single findings, including after exception rejection or reopening.
- Fixed the Unassign action not appearing for remediation owners with the appropriate role.
- Fixed approval records not transitioning to the correct state when multiple deferrals targeted the same item.
- Fixed approval rules failing after upgrade due to missing migration of custom exception rule substates.
- Fixed excessive background jobs triggered by work note updates on test result groups, improving performance.
- Improved platform stability and performance, including faster daily collection jobs, optimized auto‑close and rollup queries, and unblocked task rule processing during data ingestion.
- Fixed duplicate search buttons on the Assigned To field in the remediation task change creation form.
- The Configuration Compliance application and its dependency plugins must be installed and activated.
- For more information on the Vulnerability Response and Configuration Compliance applications compatibility, see Vulnerability Response Compatibility Matrix and Release Schema Changes in the Supporting Links and Docs section on this page.
- The following Security Operations apps must be installed and activated:
- Security Integration Framework
- Security Support Common
- Security Exposure Management (requires entitlement from the store)
- The Qualys Vulnerability Integration and the Tenable.io product in the Tenable Vulnerability Integration can be used with the Configuration Compliance.
- For more information about these integrations and their compatibility with Configuration Compliance, see Vulnerability Response Compatibility Matrix and Release Schema Changes in the Supporting Links and Docs section on this page.
- Permissions and roles:
- Roles required:
- System Admin (admin) for installation
- Configuration Compliance Admin (sn_vulc.admin) or admin for configuration
- Roles required: