Combined Operational Technology Vulnerability Response release notes for upgrades from Xanadu to Australia

How to use this page

To help you prepare for your upgrade, we have combined the cross-family Operational Technology Vulnerability Response release notes onto one page. Read this summary of the new features, changes, and updated information for your product from Xanadu to Australia.

Tip:

If there were no updates for a release notes section in a certain family release, we included a short note for your reference. For example, if a product did not have any updates in Tokyo, the row says "No updates for this release."

Important information for upgrading Operational Technology Vulnerability Response to Australia

Before you upgrade to Australia, review these pre- and post-upgrade tasks and complete the tasks as needed.


Release	Release notes
Xanadu	No updates for this release.
Yokohama	No updates for this release.
Zurich	No updates for this release.
Australia	No updates for this release.

New features

Between your current release family and Australia, new features were introduced for Operational Technology Vulnerability Response.


Release	Release notes
Xanadu	Hardware Vulnerability Assessment menu in the Industrial Workspace Automatically and periodically assess the OT device firmware vulnerabilities that are in your inventory and create vulnerable items against the impacted assets (CI). Risk scores on the OT Vulnerability Risk Rollup dashboard View a table of risk scores for your OT devices at each level of the equipment model with the OT Vulnerability Risk Rollup dashboard. Enhanced OTVR (PA) dashboard experience View and manage all of your OT vulnerability data and data visualizations in a centralized location with the enhanced OTVR (PA) dashboard, which is accessible on the Dashboard Library page. OT Vulnerability Remediation Owner (sn_otvr.remediation_owner) role Assign the OT Vulnerability Remediation Owner (sn_otvr.remediation_owner) role to users who primarily work on an assigned remediation task and can create change tasks when needed. The OT Vulnerability Remediation Owner role contains the following roles: cmdb_ot_isa_viewer cmdb_ot_viewer sn_vul.close_vi_vg sn_vul.remediation_owner Automatically set a start time for a remediation task based on the ISA maintenance schedule Start a remediation task automatically based on the ISA maintenance schedule. After you create the remediation task, it’s picked up during the next scheduled maintenance. Common Security Advisory Framework (CSAF) supported for Operational Technology Vulnerability Response Use the Common Security Advisory Framework (CSAF) with multiple vendor support when importing solutions from Aggregators or Trusted Providers. OTVR (PA) dashboard Guided Setup Use the OTVR (PA) dashboard Guided Setup under the Operational Technology Vulnerability Response section in the Industrial Workspace Guided Setup to configure data collection and review indicator sources. Change the Operational Technology Vulnerability Response (OT VR) assignment group field in a bulk edit Use the bulk edit feature to update the OT VR assignment group field in multiple site records at once. Use compensating controls for Operational Technology Use compensating controls for OT to reduce vulnerability risks that can't be patched immediately. Compensating controls help mitigate risks.
Yokohama	Configuring Operational Technology Vulnerability Response from the SEM Workspace Starting from Operational Technology Vulnerability Response version 30.0.x, users may be redirected to the Unified Security Exposure Management (USEM) Workspace to perform some configuration tasks. The Vulnerability Response plugin is consolidated under USEM from version 30.0.x. Demo data not required for Operational Technology Risk Calculator plugin You can directly access and use the Operational Technology Vulnerability Response Risk Calculator without loading the demo data while installing the plugin. In previous releases, the risk calculation was included as part of the demo data. Enhanced features for Hardware Vulnerability Assessment for OT devices The following enhancements are available in Hardware Vulnerability Assessment: Assessments without Normalization: Ability to assess discovery models without content available for normalization. Confidence Scores: New scoring mechanism for all types of assessments. Version Range Support: The range information provided by the National Vulnerability Database (NVD) is used to create assessments without explicitly creating Common Platform Enumeration (CPEs) in the NVD. Partial assessment for partially normalized discovery model: Creates partial assessments for discovery models without firmware version. The partial assessments are done if the other versions of the discovery model have the same publisher and model. Expiring of assessments: If you update the firmware version of a CI, the corresponding normalized discovery model also updates. The assessment records based on the older firmware version expires while new assessments are generated for new firmware version. Hardware Vulnerability Assessment menu in the Industrial Workspace Automatically and periodically assess the OT device firmware vulnerabilities that are in your inventory and create vulnerable items against the impacted assets (CI). Vulnerability risk scores on the OT Risk Management dashboard View a table of vulnerability risk scores for your OT devices at each level of the equipment model with the OT Risk Management dashboard. Enhanced OTVR (PA) dashboard experience View and manage all of your OT vulnerability data and data visualizations in a centralized location with the enhanced OTVR (PA) dashboard, which is accessible on the Dashboard Library page.
Zurich	Configuring Operational Technology Vulnerability Response from the SEM Workspace Starting from Operational Technology Vulnerability Response version 30.0.x, users may be redirected to the Unified Security Exposure Management (USEM) Workspace to perform some configuration tasks. The Vulnerability Response plugin is consolidated under USEM from version 30.0.x. Demo data not required for Operational Technology Risk Calculator plugin You can directly access and use the Operational Technology Vulnerability Response Risk Calculator without loading the demo data while installing the plugin. In previous releases, the risk calculation was included as part of the demo data. Enhanced features for Hardware Vulnerability Assessment for OT devices The following enhancements are available in Hardware Vulnerability Assessment: Assessments without Normalization: Ability to assess discovery models without content available for normalization. Confidence Scores: New scoring mechanism for all types of assessments. Version Range Support: The range information provided by the National Vulnerability Database (NVD) is used to create assessments without explicitly creating Common Platform Enumeration (CPEs) in the NVD. Partial assessment for partially normalized discovery model: Creates partial assessments for discovery models without firmware version. The partial assessments are done if the other versions of the discovery model have the same publisher and model. Expiring of assessments: If you update the firmware version of a CI, the corresponding normalized discovery model also updates. The assessment records based on the older firmware version expires while new assessments are generated for new firmware version. Vulnerability risk scores on the OT Risk Management dashboard View a table of vulnerability risk scores for your OT devices at each level of the equipment model with the OT Risk Management dashboard.
Australia	No updates for this release.

Changes

Between your current release family and Australia, some changes were made to existing Operational Technology Vulnerability Response features.


Release	Release notes
Xanadu	OT Vulnerabilities tab data The following data that was available in the OT Vulnerabilities tab of the OT Manager dashboard has been moved to the OTVR (PA) dashboard: Total OT Vulnerable Items New OT Vulnerable Items OT Unassigned Vulnerable Items OT Vulnerable Items by State OT Vulnerable Items by Risk Rating
Yokohama	OT Vulnerabilities tab data The following data that was available in the OT Vulnerabilities tab of the OT Manager dashboard has been moved to the OTVR (PA) dashboard: Total OT Vulnerable Items New OT Vulnerable Items OT Unassigned Vulnerable Items OT Vulnerable Items by State OT Vulnerable Items by Risk Rating
Zurich	No updates for this release.
Australia	No updates for this release.

Removed

Between your current release family and Australia, some Operational Technology Vulnerability Response features or functionality were removed.


Release	Release notes
Xanadu	No updates for this release.
Yokohama	No updates for this release.
Zurich	No updates for this release.
Australia	No updates for this release.

Deprecations

Between your current release family and Australia, some Operational Technology Vulnerability Response features or functionality were deprecated.


Release	Release notes
Xanadu	The OT Vulnerabilities tab is no longer available on the OT Manager dashboard in the Industrial Workspace. Starting with the Xanadu release, Vulnerability Response Integration with Microsoft Defender for IoT (On-premises Management Console) integration is being prepared for future deprecation. It will be hidden and no longer activated on new instances but will continue to be supported.
Yokohama	The OT Vulnerabilities tab is no longer available on the OT Manager dashboard in the Industrial Workspace. Starting with the Yokohama release, Vulnerability Response Integration with Microsoft Defender for IoT (On-premises Management Console) integration is being prepared for future deprecation. It will be hidden and no longer activated on new instances but will continue to be supported.
Zurich	No updates for this release.
Australia	No updates for this release.

Activation information

Review information on how to activate Operational Technology Vulnerability Response.


Release	Release notes
Xanadu	Install Operational Technology Vulnerability Response by requesting it from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Yokohama	Install Operational Technology Vulnerability Response by requesting it from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Zurich	Install Operational Technology Vulnerability Response by requesting it from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Australia	No updates for this release.

Additional requirements

If any additional requirements were introduced or changed for Operational Technology Vulnerability Response we have noted them here.


Release	Release notes
Xanadu	No updates for this release.
Yokohama	No updates for this release.
Zurich	No updates for this release.
Australia	No updates for this release.

Browser requirements

If any specific browser requirements were introduced or changed for Operational Technology Vulnerability Response we have noted them here.


Release	Release notes
Xanadu	No updates for this release.
Yokohama	No updates for this release.
Zurich	No updates for this release.
Australia	No updates for this release.

Accessibility information

Review details on accessibility information for Operational Technology Vulnerability Response, such as specific requirements or compliance levels.


Release	Release notes
Xanadu	No updates for this release.
Yokohama	No updates for this release.
Zurich	Coral theme Coral is now the default theme for new portal, web, and mobile experiences with Next Experience or Core UI enabled. This theme provides a fresh look and feel, featuring brand-neutral illustrations to enhance your user experience. A dark theme option is available for web and mobile experiences.
Australia	No updates for this release.

Localization information

If there are specific localization considerations for Operational Technology Vulnerability Response we have noted them here.


Release	Release notes
Xanadu	No updates for this release.
Yokohama	No updates for this release.
Zurich	No updates for this release.
Australia	No updates for this release.

Highlight information

If there are specific highlight considerations for Operational Technology Vulnerability Response we have noted them here.


Release	Release notes
Xanadu	Assess the vulnerabilities for the firmware of the OT assets with Hardware Vulnerability Assessment. View solutions or details of a vulnerable item (VIT) with enhanced UI options. Manage your vulnerable items and Operational Technology Vulnerability Response data with the enhanced OTVR (PA) dashboard in the Industrial Workspace. View the risk score of your OT devices at each level of the equipment model with the OT Vulnerability Risk Rollup dashboard. Change the Operational Technology Vulnerability Response (OT VR) assignment group field for multiple site records at once. Use the Common Security Advisory Framework (CSAF) with multiple vendor support when importing solutions from Aggregators or Trusted Providers. Manage remediation tasks more efficiently with the OT Vulnerability Remediation Owner (sn_otvr.remediation_owner) role. Mitigate controls using the Libraries module in the Industrial Workspace. Use the enhanced OTVR (PA) dashboard. See Operational Technology Vulnerability Response for more information.
Yokohama	Configure Operational Technology Vulnerability Response from the Security Exposure Management Workspace (SEM Workspace). Access the Operational Technology Vulnerability Response Risk Calculator plugin directly without loading the demo data. View all vulnerable items that have been created from the OT Vulnerable Items list in the Industrial Workspace. View all remediation tasks that have been created from the OT Remediation Tasks list in the Industrial Workspace. View all vulnerability exceptions that have been created from the OT Vulnerability Exception Approvals list in the Industrial Workspace. Hardware Vulnerability Assessment is available for firmware discovery models without normalized data. Assess the vulnerabilities for the firmware of the OT assets with Hardware Vulnerability Assessment. View solutions or details of a vulnerable item (VIT) with enhanced UI options. Manage your vulnerable items and Operational Technology Vulnerability Response data with the enhanced OTVR (PA) dashboard in the Industrial Workspace. View the risk score of your OT devices at each level of the equipment model with the OT Vulnerability Risk Rollup dashboard. See Operational Technology Vulnerability Response for more information.
Zurich	Configure Operational Technology Vulnerability Response from the Security Exposure Management Workspace (SEM Workspace). Access the Operational Technology Vulnerability Response Risk Calculator plugin directly without loading the demo data. View all vulnerable items that have been created from the OT Vulnerable Items list in the Industrial Workspace. View all remediation tasks that have been created from the OT Remediation Tasks list in the Industrial Workspace. View all vulnerability exceptions that have been created from the OT Vulnerability Exception Approvals list in the Industrial Workspace. Hardware Vulnerability Assessment is available for firmware discovery models without normalized data. See
Australia	No updates for this release.