Operational Technology Vulnerability Solution Management

  • Release version: Zurich
  • Updated July 31, 2025

    Summary of Operational Technology Vulnerability Solution Management

    Operational Technology (OT) Vulnerability Solution Management, introduced in the Zurich release and available from the Xanadu version within the Operational Technology Vulnerability Response application, streamlines the process of identifying and managing remediation for OT vulnerabilities. It addresses the challenge faced by security and IT teams in large organizations where manual translation of vulnerability findings into remediation tasks is time-consuming and prone to errors.


    This feature automatically correlates vulnerability findings with possible remediation solutions, allowing you to prioritize actions based on vulnerability risk severity. It also supports applying compensating controls for vulnerabilities that cannot be patched immediately, helping to mitigate risk effectively within OT environments.

    Key Features

    • Automatic Correlation: Links vulnerabilities to remediation solutions, reducing manual effort and improving accuracy.
    • Prioritization by Risk: Enables prioritizing remediation actions based on the severity of vulnerability risk.
    • Compensating Controls Support: Facilitates risk mitigation for vulnerabilities that cannot be patched immediately in OT systems.
    • Integration with Solution Intelligence: Supports importing vulnerability solution data using the Common Security Advisory Framework (CSAF), an open-source JSON-based standard for structured security advisories.
    • CSAF Data Import Methods:
      • File import through Setup Assistant configuration.
      • Import via CSAF URLs from individual vendors or Trusted Providers.
      • Support for ROLIE feeds from vendors like Siemens and Trusted Providers such as CISA, allowing bulk import of advisories.
      • Import from advisories or API sources for up-to-date solution data.
    • Automatic Mapping: Vulnerability solutions are automatically mapped to the correct vendor and vulnerable items based on Common Vulnerabilities and Exposures (CVEs), enhancing accuracy and efficiency.
    • Centralized Solution Management: All imported solutions can be viewed and managed in the Vulnerability Response application under the Solutions section.

    Practical Benefits for ServiceNow Customers

    • Reduces the manual workload and errors in vulnerability remediation processes.
    • Improves security posture by enabling timely and prioritized remediation of OT vulnerabilities.
    • Facilitates standardized and automated ingestion of vulnerability solutions data from multiple vendors using industry-supported formats.
    • Enables leveraging trusted external sources for comprehensive vulnerability solution intelligence.
    • Supports ongoing updates and management of vulnerability solutions within your ServiceNow environment.

    Starting from the Xanadu version, Operational Technology (OT) Vulnerability Solution Management is a feature available within the Operational Technology Vulnerability Response application.

    Security and IT teams often spend a significant amount of time and effort to research vulnerability findings and identify the most effective solutions for their environment. In large organizations, translating vulnerability findings into remediation tasks is a manual, tedious, and error-prone process due to the volume and complexity of the vulnerabilities.

    OT Vulnerability Solution Management automatically correlates the vulnerability findings in your environment with possible solutions that remediate them. You can identify the remediation actions that apply to your vulnerabilities and prioritize them by the severity of the vulnerability risk. Also, you can mitigate the risk posed by vulnerabilities that cannot be patched immediately by using compensating controls for OT. For more information, see Use compensating controls for Operational Technology.

    The OT Vulnerability Solution Management feature is based on the feature available in the Vulnerability Response application. For more information on Vulnerability Solution management, refer to Vulnerability Solution Management.

    OT Vulnerability Solution Management supports the generic format for solution intelligence integration. The generic framework for solution intelligence integration ingests data in different file formats from solution vendors. These formats speed up information exchange and processing, and they improve the sharing of critical security-related information in a standardized reporting format. The supported file format is the Common Security Advisory Framework (CSAF), which is an open-source standard that provides JSON-based structured, machine-readable security advisories. Major vendors such as the Cybersecurity & Infrastructure Security Agency (CISA), Siemens, Hitachi, Schneider Electric, and others support the CSAF format.

    CSAF-supported solution management includes the following key features:
    • Configuration through Setup Assistant. For more information, see Configure vulnerability solution providers.
    • Support for importing CSAF data through file import. For more information, see Import Common Security Advisory Framework data through file import.
    • Support for importing CSAF data through a CSAF URL. For more information, see Import Common Security Advisory Framework (CSAF) data through CSAF URL. OT Vulnerability Solution Management enables you to import CSAF data from:
      • Individual vendors that support the CSAF format and have a CSAF URL ROLIE Feed. You can use the CSAF URL ROLIE Feed provided by the vendor to import the CSAF data. For example, the Siemens URL ROLIE Feed.
      • CSAF Aggregators or Trusted Providers through a URL import that supports the ROLIE Feed. You can import CSAF data of multiple vendors from a Trusted Provider. For example, CISA is a Trusted Provider and you can import CSAF data of multiple vendors from the Industrial Control System (ICS) CSAF advisories located at CISA's GitHub CSAF repository. These vulnerability solutions are automatically mapped to the correct vendor and vulnerable items (VITs) based on the Common Vulnerabilities and Exposures (CVEs). Using a Trusted Provider reduces the time and effort required to import CSAF data from individual vendors' CSAF URLs.
    • Support for importing CSAF data through advisories or by using the APIs. For more information, see Import Common Security Advisory Framework data from advisories.
    Note:
    Navigate to All > Vulnerability Response > Solutions > All to view the list of solutions you have imported using the preceding methods.

    The Vulnerability Response plugin takes care of updating the metrics statuses of the created solution.
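
The CVE-based mapping described above, as an added example that is not ServiceNow's code and not part of the original page: it reads a CSAF 2.0 advisory, resolves product IDs through the `product_tree` branches, and joins remediations to findings on the CVE. The advisory, the findings, and all function names are constructed for illustration; `full_product_names` and `relationships` in `product_tree` are not handled.

```python
import json

# Constructed CSAF 2.0 advisory; vendor, product, IDs and CVE are placeholders.
ADVISORY = json.loads("""{
  "document": {"csaf_version": "2.0", "title": "Constructed advisory",
               "tracking": {"id": "EXAMPLE-0001"}},
  "product_tree": {"branches": [{"category": "vendor", "name": "ExampleVendor",
    "branches": [{"category": "product_name", "name": "PLC-100",
      "product": {"product_id": "CSAFPID-0001", "name": "ExampleVendor PLC-100"}}]}]},
  "vulnerabilities": [{"cve": "CVE-0000-0001",
    "remediations": [
      {"category": "mitigation", "details": "Restrict network access to the device.",
       "product_ids": ["CSAFPID-0001"]},
      {"category": "vendor_fix", "details": "Update firmware to the fixed version.",
       "product_ids": ["CSAFPID-0001"]}]}]
}""")
# Constructed scanner findings: one matches the advisory's CVE, one does not.
FINDINGS = [{"asset": "plc-line-3", "cve": "CVE-0000-0001"},
            {"asset": "hmi-7", "cve": "CVE-0000-0002"}]
# Offer a patch first, compensating measures after (CSAF 2.0 remediation categories).
PREFERENCE = ["vendor_fix", "workaround", "mitigation", "none_available", "no_fix_planned"]

def product_names(node, out=None):
    """Walk product_tree branches recursively: product_id -> product name."""
    out = {} if out is None else out
    for branch in node.get("branches", []):
        if "product" in branch:
            out[branch["product"]["product_id"]] = branch["product"]["name"]
        product_names(branch, out)
    return out

def solutions_by_cve(advisory):
    """Return {cve: [(category, product name, details), ...]}, best option first."""
    names = product_names(advisory.get("product_tree", {}))
    result = {}
    for vuln in advisory.get("vulnerabilities", []):
        cve = vuln.get("cve")
        if not cve:  # a CSAF vulnerability may lack a CVE: no join key, skip it
            continue
        rows = [(r["category"], names.get(pid, pid), r["details"])
                for r in vuln.get("remediations", []) for pid in r.get("product_ids", [])]
        rank = lambda row: PREFERENCE.index(row[0]) if row[0] in PREFERENCE else len(PREFERENCE)
        result.setdefault(cve, []).extend(sorted(rows, key=rank))
    return result

def correlate(findings, advisory):
    """Map each finding's asset to the remediations for its CVE (None if no match)."""
    solutions = solutions_by_cve(advisory)
    return {f["asset"]: solutions.get(f["cve"]) for f in findings}
```

A finding that maps to `None` has no solution in the imported advisory and, when it cannot be patched, falls under the compensating-controls case mentioned earlier.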