Addressing Compliance Issues with Configuration Compliance


ServiceNow has a host of features to help you make the best use of your CMDB. Apart from operations and service management, however, ServiceNow offers product documentation services that will ramp up visibility and cut the time taken to identify non-compliance.

The service we’re breaking down today is Configuration Compliance – a Secure Configuration Assessment application. With this application, you can integrate with scanning applications such as the Qualys Cloud Platform and aggregate their scan results.

When Configuration Compliance works with your CMDB, it allows you to prioritise compliance issues and address non-compliance quickly and accurately by securely integrating with IT change management processes.

Accurately Verifying Compliance 

To assess and verify compliance properly, you need to be able to do four things well:

  1. Correlate configuration items to tests and policies automatically.
  2. Analyse test results.
  3. Remedy non-compliance quickly.
  4. Import technologies, sources, policies, and tests automatically.


Whether the policy in question is corporate or security-related, ServiceNow’s Configuration Compliance tools help you use test results from SCA integrations to hunt down non-compliant items and remedy them immediately.

When test result data is imported using Configuration Compliance, the following steps are taken:

Step 1: An Awaiting Implementation state is assigned for resolved groups with failed results.

Step 2: In tests where all results have passed, the test group is assigned a Closed state.

Step 3: Test results in any active test groups are updated accordingly.

Step 4: The flag that indicates whether a test result is from an active group is updated.


Ensuring Security with Configuration Compliance

If you use Qualys to detect security issues, you can install Qualys Vulnerability Integration. You can deploy the integration tool multiple times and also receive access to Vulnerability Response. From each deployment, Configuration Compliance can source data, identify it, and make it available in a single, smooth process, allowing for efficient tracking, prioritising, and resolving.

Configuration Compliance can also integrate with GRC (Governance, Risk, and Compliance) to enable continuous assessment. You can subscribe to GRC and Configuration Compliance separately, and combine them to allow optimal security monitoring. 

Criticality mapping, which Configuration Compliance includes, helps you take criticality fields from data sources and transform them into Configuration Compliance fields. The system ships with standard ServiceNow mapping, and lets you create and edit a criticality map for all non-standard third-party mappings and customized mappings in the system.


System-Wide Applications of Configuration Compliance

Configuration Compliance can be applied across several layers of management. Apart from Compliance administrators, System administrators can use it, as can Vulnerability analysts, managers, and administrators. At any of those levels, Configuration Compliance offers the basic yet deeply important service of structuring hardware and software test groups into records of data, which drastically decreases the time taken to conduct assessments.

The fact that Configuration Compliance integrates so tightly with change management, security, and your CMDB allows for efficient reporting as well.

The homepage of your Configuration Compliance tool will offer your administrators and analysts a holistic view of all policies, test results, tests, and CIs. Security staff can use this to pinpoint risk and non-compliance quickly. They can add significance charts whenever needed and use the global search feature to find relevant information.

The usability of the dashboard extends even to the permissions it allows. Admins and analysts can all view the dashboard, create, and edit, while only admins can delete. 

With the charts on the dashboard, users can easily select a particular section to view information specific to it. Clicking will drill down to more detail, opening a list with more specific information on that part of the report.

The vulnerability overview reports are depicted visually in different shapes and types of graphs to aid in better understanding. Test results by compliance, for example, are shown as a donut graph, whereas failed test results by category will show up as a bar graph.

It is obvious, taking all these features into account, that Configuration Compliance in ServiceNow’s platform is the best way to organise your hardware and software test data in order to properly identify, prioritise, and address compliance-related issues. If you are interested in integrating your system with ServiceNow’s Configuration Compliance tools, please contact us. We at abhra Inc. are skilled ServiceNow implementation partners for all its tools, modules and services.
