Configuration Compliance correlation

  • Release version: Xanadu
  • Updated August 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Configuration Compliance correlation

    Configuration Compliance correlation streamlines the management of non-compliance issues by prioritizing configuration scan findings and grouping test results into remediation tasks. This approach helps ServiceNow customers efficiently address compliance risks by focusing on the most critical issues, ensuring timely and organized remediation efforts.

    Show full answer Show less

    Key Features

    • Renamed Terminology (from version 14.9): Terms such as Test Result Group, Rules, and Policy have been renamed to Remediation Task Group, Remediation Task Rules, and Test Group, respectively, aligning with updated platform language.
    • Asset-Centric Prioritization: Findings from configuration scans are prioritized based on both the criticality of the configuration test and the asset, producing a risk score on a 0–100 scale. This prioritization aids in focusing on the highest risk issues first.
    • Event-Driven Import Completion: Upon completing third-party data imports, Configuration Compliance triggers actions such as reopening resolved remediation tasks with failed results, closing tasks with all passed results, and updating the states and flags of test results involved in remediation tasks.
    • Remediation Task State Precedence: When a test result belongs to multiple remediation tasks, its state is determined by a defined order of precedence, ensuring consistent and accurate status reporting. Passed items are always marked as Closed-Fixed, and tasks in Closed-Fixed or Closed-Canceled states are excluded from consideration.
    • Remediation Task Creation Methods: Tasks can be created manually either through the Remediation Tasks module by applying filters (ideal for well-defined result sets) or directly from selected test results (useful for outlier or miscellaneous items). Note that applying filters to an existing remediation task replaces previous test result entries with filtered results.
    • Ungrouped Test Results Module: This module lists all non-passing test results not currently assigned to an active remediation task. It updates automatically after imports or changes in remediation task membership, helping customers identify unaddressed issues.

    Key Outcomes

    • Customers can effectively prioritize and manage configuration compliance issues based on risk scores, ensuring remediation efforts target the most critical vulnerabilities.
    • Automated updates after data imports maintain accurate and current remediation task states and test result statuses, reducing manual oversight.
    • Flexible remediation task creation enables tailored grouping of test results, accommodating both bulk filtered selections and individual cases.
    • Clear state precedence rules provide consistent status determination for test results involved in multiple remediation tasks, improving reporting accuracy.
    • The Ungrouped Test Results module offers visibility into outstanding compliance issues that require assignment, supporting comprehensive remediation coverage.

    Configuration Compliance provides prioritization and test result grouping (into remediation task) to aid remediation of non-compliance issues.

    Note:
    Starting with v14.9 of Configuration Compliance, the following terms have been renamed:
    Table 1. Changes in terminology
    Terminology prior to v14.9 Terminology v14.9 onwards
    Test Result Group Remediation Task
    Group Rules Remediation Task Rules
    Policy Test group

    Asset-Centric Prioritization

    Configuration scans can produce large number of findings. Prioritize findings for greatest risk reduction. Priority includes both configuration test criticality and asset criticality. Configuration test result priority is expressed as a 0–100 scale risk score. Calculator groups compute risk score and can be customized.

    When the third-party import is complete, Configuration Compliance sends an event to indicate end-of-import actions. For every active result group, the following actions are taken:
    • Resolved remediation tasks with failed results return to the Awaiting implementation state.
    • Remediation tasks where all results passed are Closed.
    • The state of test results that are in active remediation tasks is updated.
    • The flag indicating whether a result is part of an active remediation task is updated.

    Remediation Tasks order of precedence

    When test results belong to more than one remediation task, the State of a test result is derived according to an order of precedence.

    The State and Resolution fields in the Configuration Test form and the Result field in the Test Result form, are calculated following this order of precedence.

    Note:

    The group membership precedence only applies to items where the item did not pass the configuration test. Passed items are always in the Closed-Fixed state.

    The Result value determines the state. We ignore remediation tasks in the Closed-Fixed and Closed-Canceled state. The item state is computed from the states of all other remediation tasks it belongs to or is set to Open, if no other remediation task exists for the item.

    Remediation task order of precedence

    Remediation Tasks creation

    Configuration Compliance Remediation Tasks are created manually.

    There are two ways to create and populate Remediation Tasks.

    • From the Remediation Tasks module and using filters that automatically populate the Test Results tab.

      This way is good for when you know what filtering you want to use. For example, capturing all failed test results that are moderate and higher criticality, affect the windows-based infrastructure, and apply only to the SAP supply chain application.

    • By selecting test results in the Test Results list and creating a remediation task from the Actions on selected rows... menu.

      This method is good for results that are not easily filtered, or situations where you want to specify test results for remediation. For example, outliers that have nothing in common.

    Note:
    If you create a remediation task from the Test Results list and you later decide to use a filter for that remediation task, your original entries are removed and replaced by the filter results.

    Ungrouped Test Results

    Ungrouped Test Results contain all non-pass test results that are not members of an active (non-Closed) remediation task. This module is updated after every import and whenever test results are added or removed from a remediation task.