Configuration Compliance release notes

  • Release version: Washingtondc
  • Updated April 30, 2024
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Configuration Compliance Release Notes Washington DC

    The ServiceNow® Configuration Compliance application, updated to version 14.12 in the Washington DC release, enables efficient prioritization and remediation of configuration-related vulnerabilities in your environment. This release enhances capabilities through integration with the Security Posture Control application, which requires a separate subscription.

    Show full answer Show less

    Key Features

    • Security Gaps Addressed: Automatically prioritize and resolve vulnerabilities detected by the Security Posture Control application.
    • Visual Analysis: New summary visualizations on the Vulnerability Manager Workspace landing page provide insights into active test results.
    • Policy Management: Close related test results when publishing a new policy version, with state transitions managed by the Configuration Compliance application.
    • False Positive Management: Raise false positive requests for multiple test results or remediation tasks from the Vulnerability Manager and IT Remediation Workspaces.
    • Risk Score Updates: Update risk scores of test results easily with the Calculate Risk Score button.
    • Vulnerability Landscape Analysis: Access visual summaries of active test results, including risk ratings and remediation progress on the Vulnerability Manager Workspace homepage.
    • Email Notifications: Records open directly in relevant workspaces when links in email notifications are clicked, based on user roles.
    • Quick Start Tests: Run quick start tests post-upgrade or deployment to ensure Configuration Compliance functionality, with options to customize tests as needed.

    Key Outcomes

    This release enables ServiceNow customers to better manage configuration compliance by streamlining vulnerability prioritization, enhancing visibility of test results, and improving workflow efficiency in handling false positives and risk assessments. Customers can expect improved operational efficiency and a more robust security posture as a result of these updates.

    Activation: Configuration Compliance can be installed via the ServiceNow Store. Visit the store for more information on available applications and installation requests.

    The ServiceNow® Configuration Compliance application enables you to prioritize and remediate the most critical configuration-related vulnerabilities in your environment quickly and efficiently. Version 14.12 of Configuration Compliance was enhanced and updated in the Washington DC release.

    Configuration Compliance highlights for the Washington DC release

    • Address security gaps in your enterprise environments detected through the Security Posture Control application by automatically prioritizing, assigning, and resolving them with the Configuration Compliance application workflow. The Security Posture Control application requires a separate subscription.
    • Analyze the overall impact of test results with summary visualizations of all or prefiltered active test results on the new Vulnerability Manager Workspace landing page.

    See Configuration Compliance for more information.

    Important:
    Configuration Compliance is available in the ServiceNow Store. For details, see the "Activation information" section of these release notes.

    New in the Washington DC release

    Enhancements to Security Posture Control version 3.0
    Close existing related test results (findings) if you publish a new version of a policy or delete a policy. If you choose to close test results, test result and remediation task states transition in accordance with the state transition processes of the Configuration Compliance application. See Test result and remediation task state transitions in the Security Posture Control application and Test result and remediation task state transitions in the Configuration Compliance application for more information.

    Editing activated policies is supported in Security Posture Control. Versions are tracked and version numbers are displayed on the policy record and its related test results in Configuration Compliance.

    Requesting false positive for a set of test results from the Vulnerability Manager Workspace and IT Remediation Workspace
    Raise a false positive request for a set of test results simultaneously from the remediation task (CRG#) in the Vulnerability Manager Workspace and IT Remediation Workspace.
    Requesting false positive for a remediation task (CRG#) from the Vulnerability Manager Workspace and IT Remediation Workspace
    Raise a false positive request for a remediation task from the Vulnerability Manager Workspace and IT Remediation Workspace.
    Setting up questionnaire for false positive requests
    Set up a questionnaire for the false positive request of Test Results and Remediation Tasks to acquire additional information about the requests.
    Updating the risk score in the Vulnerability Manager Workspace
    Update the risk score of a test result (TR) using the Calculate Risk Score button in the record view of a TR in the Vulnerability Manager Workspace as per vulnerability calculators.
    Analyzing the vulnerability landscape in the Vulnerability Manager Workspace
    Get an overall summary of the active test results through visual representation of risk ratings, remediation progress, assignment groups workloads, and records in remediation tasks on the Home page of the Vulnerability Manager Workspace.
    Acquiring the summary of a set of test results using filters
    Get the summary of a active set of test results by filtering those test results on the Home page of the Vulnerability Manager Workspace.
    Displaying records in workspaces upon clicking the links in email notifications
    When links are clicked in an email notification, records open in either the Vulnerability Manager Workspace or IT Remediation Workspace based on the user's role.
    Notifications on false positive and exception requests
    Receive notifications and reminders on change approval records with false positive and exception requests by setting approval expiry and reminder dates on the approval rules.
    Quick start tests for Configuration Compliance.

    After upgrades and deployments of new applications or integrations, run quick start tests to verify that Configuration Compliance still works. If you customized Configuration Compliance, copy the quick start tests and configure them for your customizations.

    Activation information

    Install Configuration Compliance by requesting it from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.