Verify the NIST CSF Use Case Accelerator

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read

    • After installing the GRC: NIST Cybersecurity Framework (CSF) Use Case Accelerator, review the NIST CSF application structure, core content, and demo data, if selected during installation.

    Before you begin

    Role required: admin

    Procedure

    1. Navigate to All > User Administration > Roles and review the roles installed with the NIST CSF application.

      These roles contain nist_csf in their names; for example, sn_irm_nist_csf.security_officer. The roles are associated with NIST CSF application modules to provide access based on the user's role.

      Note:
      The basic NIST CSF user role is needed to access the application. This role contains the reader or user roles from the ServiceNow® GRC suite of applications.
    2. In the Application Navigator, type NIST CSF, and verify the application core content.
      Navigate to Verify
      NIST CSF > Content > Authority Documents

      Review the Authority Documents installed for NIST CSF.
      NIST CSF > Content > Citations

      Review the Citations installed for NIST CSF.
      NIST CSF > Content > Control Objectives

      Review the Control objectives installed for NIST CSF.
      NIST CSF > Content > Risk Statements

      Review the Risk Frameworks and Risk Statements installed for NIST CSF.
      NIST CSF > Content > Test Templates

      Review the Test Templates installed for NIST CSF.
      NIST CSF > Content > Indicator Templates

      Review the Indicator Templates installed for NIST CSF.
      NIST CSF > Content > Attestation Types

      Review the Control Attestation Types installed for NIST CSF.
      NIST CSF > Content > Assessment Types

      Review the Risk Assessment Types installed for NIST CSF.
    3. Validate the application demo content, if loaded.
      Navigate to Verify
      NIST CSF > Orient Targets

      Review the sample Targets installed in the system for use with the NIST CSF application.
      User Administration > Users

      Review the sample Persona users installed in the system for use with the NIST CSF application. The User IDs for these users end with .CSF and their name contains CSF.
      Policy and Compliance > Scoping > Profile Classes Perform a search for profile classes with the Name field containing with NIST. Review their relationships by reviewing their roll up to field in respective profile classes.
      Policy and Compliance > Scoping > entity types Perform a search for entity types with the Name field starting with NIST CSF.
      Policy and Compliance > Policies and Procedures > All Controls Perform a search for all controls referencing Control Objectives with a Source = NIST CSF.
      Risk > Risk Register > All Risks Perform a search for all risks referencing Risk Statements with a Source = NIST CSF.
      Audit > Audit Testing > Test Plans Perform a search for test plans with Test Templates that begin with NIST CSF.
      Policy and Compliance > Indicators > Indicators Perform a search for all indicators where Item.Content.Source = NIST CSF.
      Risk > Indicators > Indicators Perform a search for all indicators where Item.Content.Source = NIST CSF.
      Policy and Compliance > Issues > All Issues Perform a search for all issues whereItem.Content.Source = NIST CSF.
      Risk > Issues > All Issues Perform a search for all issues where Item.Content.Source = NIST CSF.
      Policy and Compliance > Remediation Tasks > All Open Remediation Tasks Perform a search for all Remediation tasks where an issue identified on the remediation task hasItem.Content.Source = NIST CSF.
      Risk > Remediation Tasks > All Open Remediation Tasks Perform a search for all Remediation tasks where an issue identified on the remediation task has Item.Content.Source = NIST CSF.