- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-06-2024 06:28 PM
Hi,
I understand that the assets for which the compliance has to be checked are configured as Entities. If a control objective is to enforce encryption on database servers, the database servers can be configured as an Entity Type and individual database servers as entities. So, a control is created for each entity (db server).
However, it looks like we can also configure the db servers in the table : Control objective to item (sn_compliance_control_objective_item) instead of entities. When will I choose to associate the assets(individual database servers in this case) for which I need to check compliance as Entities and when as Items? Also, how are controls created when I configure the assets in the 'Control objective to item' table instead of configuring them as entities?
Thanks in advance,
Krithika
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-08-2024 11:53 AM
The latter table is used for data imported via DevOps. https://docs.servicenow.com/bundle/xanadu-governance-risk-compliance/page/product/grc-policy-and-com...
If you're testing compliance for internal policies and control objectives, use entities.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-08-2024 11:53 AM
The latter table is used for data imported via DevOps. https://docs.servicenow.com/bundle/xanadu-governance-risk-compliance/page/product/grc-policy-and-com...
If you're testing compliance for internal policies and control objectives, use entities.