Using the Security Posture Control workspace

  • Release version: Xanadu
  • Updated August 18, 2025

    The Security Posture Control workspace contains the modules you use for configuring, using, and monitoring the imported data about your assets.

    Roles

    SPC Admin Group
    Users in this group have full read and write access to all the records for the product, including licensing information. Granular roles for this group include: [sn_sec_caasm.analyst, sn_sec_caasm.caasm_security_admin, and sn_sec_spc_core.configure].
    SPC Analyst Group
    Users in this group have full read and write access to all the records for the product but cannot view licensing information. Granular roles for this group include [pa_power_user and sn_sec_spc_core.analyst].
    SPC Analyst Read Only Group
    Users in this group have full read access to all the records for the product but cannot view licensing information. Granular roles for this group include [pa_power_user, sn_sec_spc_core.analyst_read, sn_sec_caasm.read, and cmdb_ms_user].
    Supporting application roles
    The following roles are required by the applications that support SPC and Asset Security Posture Management.
    • Configuration Compliance Admin [sn_vulc.admin] - Configures the Configuration Compliance application, has visibility to all records, and can modify properties. Assigns roles in the Configuration Compliance application.
    • Vulnerability Response Admin [sn_vulc.admin] - Configures the Vulnerability Response application and the vulnerability risk calculators.
    • MID Server [mid_server] - Configures a MID Server.

    The modules of the workspace

    To access the workspace, navigate to Workspaces > Security Posture Control. The Home (landing page) is displayed. The Security Posture Control workspace contains the following modules.

    Table 1. Modules
    Module Description
    Home

    View data visualizations and other information in the Overview, Key insights, and Key use case coverage sections to help you monitor your assets.

    The information provided on this page permits you to report on the status of your overall security posture to IT, IT and security managers, and other key stakeholders.

    See Key insights and configured insights for Security Posture Control and Policies for Security Posture Control.

    Configured insights

    View the data visualizations about your assets that you create, configure, and activate.

    See Key insights and configured insights for Security Posture Control.

    Asset search

    Quickly search for assets in your environment based on conditions you set.

    Verify that you can locate assets with a set of conditions before you commit those conditions to a policy. You can refine these searches so you get a preview of assets that meet your search criteria. When you are ready, you can save your conditions as a policy.

    See Create an asset search in Security Posture Control.
    Asset profiles

    Create and define asset profiles to monitor different categories of devices with your SPC policies. Incorporate your asset profiles into your policies so you can run policies for specific types of assets. Filter the insights in the Configured Insights dashboard so they are based on your asset profiles.

    See Create an asset profile in Security Posture Control.
    Policies and findings

    Create, clone, edit, and activate policies. There are policies that are included with the application, and you can create your own.

    Policies audit your assets to find matches for potential violations. Insights, visualizations, and use cases depend on policies. See Policies for Security Posture Control.

    Assets that match policy conditions are reported as Findings and are mapped to the Configuration Compliance application for remediation. See View findings for Security Posture Control.
    Connectors and use cases setup

    Activate and view the status of installed Service Graph Connectors (SGCs) and API integrations. Service Graph Connectors and API integrations are the sources you use for importing data about your assets. A wide variety of SGCs are supported and are available from the ServiceNow® Store.

    Set up and monitor key use cases. Use cases are different scenarios that you configure to help you identify specific types of tool coverage gaps. Each use case requires a policy or policies to audit your assets for potential violations.

    See Use cases, policy examples, and supported service graph connectors in Security Posture Control.

    Custom insight builder

    Create your own data visualizations. Custom insights provide you with visual reports that are updated by the audit results of your policies and imported data.

    Once you activate them, your custom insights are displayed on the dashboard in the Configured insights module. You can determine where data for an insight is displayed on the dashboard by using Groups.

    See Create and activate a configured insight for Security Posture Control.

    Using the modules of the workspace to identify gaps in tool coverage

    Identifying security tool gaps requires you to perform the following steps.

    1. Set up and activate API connections with any of the tools that you are using in various categories. You can use Service Graph Connectors for products that are available from the ServiceNow Store for the API connections that are required. For more information about the supported service graph connectors, see Service Graph Connectors for Security Posture Control and Service Graph Connectors. Supported service graph connectors are available from the ServiceNow® Store with separate subscriptions.
    2. Perform one or more asset searches based on specific criteria to get an inventory.
    3. Activate the policies shipped with the Security Posture Control application. You can also create your own policies and activate them based on the results of your asset searches.
    4. Create and activate your own configured insights to help you monitor your assets.
    5. To gain insight into which threats to your assets are mitigated by available mitigation controls based on how various security tools are configured, see Using mitigation controls monitoring with Security Posture Control.
    6. Set up rules to automate the remediation workflow in the Configuration Compliance application.

    Identifying security tool gaps involves the following steps:

    1. Activate the policies shipped with the Security Posture Control application. The Security Posture Control product finds security tool gaps by performing the following tasks:
      1. Identifies the list of all unique assets populated by various Service Graph Connectors in the CMDB.
      2. Identifies assets that are not reported by specific categories from this asset pool, for example, Endpoint Protection. Assets are identified based on the active policy that is being evaluated.
      3. Assets identified as not reported by specific categories are reported as ‘Findings’ or ‘Test Results’ in the Configuration Compliance application.
    2. Automatically assign ‘Findings’ to different teams for remediation with the Configuration Compliance application.
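
The gap-finding tasks listed above, sketched as an added Python example (this is not ServiceNow code and does not show how the product is implemented): it builds the unique asset pool from every connector, then reports assets that a policy's required tool category does not cover. The connector names, host names, the short-hostname reconciliation rule, and the policy dictionaries are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample import rows: (connector, tool category, reported name, asset class).
# Connector and host names are placeholders, not real Service Graph Connector identifiers.
RECORDS = [
    ("inventory_connector", "Inventory", "LAPTOP-01.corp.example", "workstation"),
    ("edr_connector", "Endpoint Protection", "laptop-01", "workstation"),
    ("inventory_connector", "Inventory", "LAPTOP-02.corp.example", "workstation"),
    ("vuln_scanner_connector", "Vulnerability Scanner", "laptop-02", "workstation"),
    ("inventory_connector", "Inventory", "SRV-DB-01.corp.example", "server"),
    ("edr_connector", "Endpoint Protection", "srv-db-01", "server"),
    ("vuln_scanner_connector", "Vulnerability Scanner", "srv-db-01", "server"),
    ("inventory_connector", "Inventory", "SRV-WEB-01.corp.example", "server"),
    ("vuln_scanner_connector", "Vulnerability Scanner", "SRV-WEB-01", "server"),
    ("edr_connector", "Endpoint Protection", "kiosk-07", "workstation"),  # unknown to inventory
]

def asset_key(name):
    """Assumed reconciliation rule: short hostname, compared case-insensitively."""
    return name.strip().lower().split(".")[0]

def build_asset_pool(records):
    """Task 1: unique assets across all connectors, with the categories reporting each."""
    pool = defaultdict(lambda: {"classes": set(), "categories": set()})
    for _connector, category, name, asset_class in records:
        entry = pool[asset_key(name)]
        entry["classes"].add(asset_class)
        entry["categories"].add(category)
    return dict(pool)

def evaluate_policy(pool, policy):
    """Tasks 2-3: assets in the policy's profile that the required category never reported."""
    profile = policy["asset_classes"]  # None means the policy applies to every asset class
    findings = []
    for key, entry in pool.items():
        if profile is not None and not (entry["classes"] & profile):
            continue
        if policy["required_category"] not in entry["categories"]:
            findings.append({"asset": key, "policy": policy["name"],
                             "seen_by": sorted(entry["categories"])})
    return sorted(findings, key=lambda f: f["asset"])

POLICIES = [  # hypothetical policy definitions
    {"name": "Missing endpoint protection",
     "required_category": "Endpoint Protection", "asset_classes": None},
    {"name": "Workstations missing vulnerability scanner",
     "required_category": "Vulnerability Scanner", "asset_classes": {"workstation"}},
]

if __name__ == "__main__":
    pool = build_asset_pool(RECORDS)
    for policy in POLICIES:
        for f in evaluate_policy(pool, policy):
            print(f"{f['policy']}: {f['asset']} (seen by {', '.join(f['seen_by'])})")
```

Because the pool is the union of every source, `kiosk-07` is audited even though only the endpoint protection connector reports it; a pool built from the inventory source alone would never surface that asset's missing scanner coverage.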

    Creating your own policies

    See Creating your own policies in the Security Posture Control application for more information about how to create your own policies.

    See Create and activate custom policies for Security Posture Control for more information about the steps required to create a policy.

    For example policies, see Examples of base, child, and cloned policies for Security Posture Control.