Where and how to store CIA (Confidentiality, Integrity, Availability) related information in the CMDB?

Jacques Clement
Kilo Sage
Kilo Sage

‎04-04-2022 02:31 AM

Hi -

I recently came across two customers that want to categorise their Business Applications using the CIA (Confidentiality, Integrity, Availability) model. I looked on the Community and could not find any discussion about this subject.

Long story, there's been debates about where to model this piece of information: e.g. should it be Biz App level, App Service level or some place else? Note that those customers are not at a point where they model their Information Objects (yet).

App Service would make sense to me, given that 2 deployments don't necessarily have the same requirements. E.g. a dev environment may have anonymized data, therefore making the Confidentiality point less of a problem.

So the question is twofold

  1. Where would you store this information and,
  2. Are there any existing out of the box fields that could fulfill this requirement. I looked into the base instance, but I don't know whether APM or other plugins/modules extends the CMDB with corresponding fields.

Thanks,
JC

Labels:
0 Helpfuls
  • 3,964 Views
5 REPLIES 5

msyyc
Tera Contributor

‎05-23-2025 03:28 PM

Given CIA values are metadata that are useful to BCM/BIA, ITSM, Cybersecurity Incident Response, and Vulnerability Management, I think it would serve ServiceNow customers better to include the CIA in the CMDB.  The CMDB is central to the platform, so those organizations who do not have all of the modules can still leverage this information for the mentioned services. 
The other option is to create custom fields in the CMDB to have the data.

0 Helpfuls