Configure compliance data source registry

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read

    • Set up the Compliance Data Source Registry (CDSR) that provides the ability to associate policies in other ServiceNow products with control objectives in Policy and Compliance to inform an organization’s overall compliance stand, and to perform policy exceptions when required.

    Before you begin

    Role required: sn_compliance.admin

    About this task

    Based on the association, entities are generated for the associated assessed objects from the target application table and controls are generated automatically. CDSR facilitates easy integrations between GRC and other ServiceNow products such as DevOps, HR, SecOps, and others to meet the customers’ compliance validation and management needs across the enterprise.

    Select the application table that is linked to the assessed object table. Establish a relationship between an item in the application table and a control objective in a target table. To do this, the items must first be configured and mapped to the control objective. Secondly, establish a relationship between the target table and the entities in the entity table.

    Incidentally, entities are people, processes, departments, applications, or objects that must be measured for compliance against control objectives.

    Procedure

    1. Navigate to All > Policy and Compliance > Administration > Compliance data source registry.
    2. Click New.
    3. On the form, fill in the fields.
      Table 1. Compliance data source registry form
      Field Description
      Name Name of the item registry.
      Application table Table of records associated to control objective.
      Related entity identification
      Assessed object table Table in which controls are created.
      Relationship to application table Relationship between the item table and the target table. The choices are:
      • One to many: One record in the application table is linked to multiple records in the assessed object table, and one record in the assessed object table is linked to only one record in the application table.
      • Many to many: One record in the application table is linked to multiple records in the assessed object table, and one record in the assessed object table is linked to multiple records in the application table.
      Application field on assessed object table Field name that points to the target table.
      Application field on m2m table Field name in the mapping table that points to the item table.
      Assessed object field on m2m table Field name in the mapping table that points to the target table.
      Is the assessed object table equivalent to entities? Flag to create an entity in the target table.
      Entity relationship to assessed object table Relationship between the item table and the entity table. The choices are:
      • One to one: When one record in the assessed object table is linked to only one record in the entity table.
      • Many to many: When one record in the entity table is linked to multiple records in the assessed object table, and when one record in the assessed object table is linked to multiple records in the entity table.
      Many to many table Table that establishes the relationship between the item table and the target table.
      Entity field on assessed object table Name of the field that points to the entity table.
      Entity field on m2m table Name of the field in the mapping table that points to an entity table.
      Entity owner field Owner of the entity in the entity table.

      For more detailed information on the set up of generic framework compliance data source registry, see the Set up of generic framework compliance data source registry [KB1112478] article in the Now Support Knowledge Base.

      Note:
      You must log in to Now Support to view the articles.
    4. Click Submit.