How are assets that need to be checked for a control objective configured - Items vs Entities?

KrithikaV
Tera Expert

Hi,

I understand that the assets for which compliance has to be checked are configured as Entities. If a control objective is to enforce encryption on database servers, the database servers can be configured as an Entity Type and individual database servers as entities. So, a control is created for each entity (db server).

However, it looks like we can also configure the db servers in the table Control objective to item (sn_compliance_control_objective_item) instead of as entities. When should I choose to associate the assets (individual database servers in this case) for which I need to check compliance as Entities, and when as Items? Also, how are controls created when I configure the assets in the 'Control objective to item' table instead of configuring them as entities?

Thanks in advance,

Krithika

1 ACCEPTED SOLUTION

Joeatter
Tera Expert

The latter table is used for data imported via DevOps. https://docs.servicenow.com/bundle/xanadu-governance-risk-compliance/page/product/grc-policy-and-com...

If you're testing compliance for internal policies and control objectives, use entities.
