Configuration Compliance release notes

  • Release version: Xanadu
  • Updated September 29, 2025
  • 7 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Configuration Compliance release notes

    The ServiceNow® Configuration Compliance application helps you prioritize and remediate critical configuration-related vulnerabilities efficiently. The Xanadu release introduces enhancements and new features that improve integration capabilities, user interface options, and remediation workflows within the Configuration Compliance and Vulnerability Manager Workspace environments.

    Show full answer Show less

    Key Features

    • Wiz Integration Enhancements: Identify and import Wiz resource types for vulnerability and compliance data, excluding container vulnerabilities. Utilize Wiz Backfill Integrations to retrieve and process missing asset data, activated by default.
    • Host Test Result Integration: Import vulnerability test results for virtual machines through the Wiz Host Test Result Vulnerability Integration, enabled by default.
    • Properties Module: A new module under Administration allows direct, user-friendly management of system properties affecting Configuration Compliance behavior.
    • Customizable Test Result Durations: Configure the calculation of Age and Age Closed durations from Created, Opened, or First Found dates.
    • Qualys Test Group Association: Enable a system property to link Qualys Tests with their Test Groups, facilitating clearer identification of test results within groups.
    • Remediation Target Date Calculation: Customize remediation target dates based on the Last Opened date of remediation tasks.
    • Vulnerability Manager Workspace Improvements:
      • Open search results and predefined filter links directly in Vulnerability Manager or IT Remediation Workspaces instead of Classic UI.
      • Users with the snvulc.read role can view test results in Vulnerability Manager Workspace.
      • Options to hide record counts on lists and enable automatic dashboard refreshes enhance usability.
      • Bulk editing capabilities include assigning test results, requesting exceptions, and marking false positives.
      • Re-evaluate remediation properties (assignments, tasks, target dates, exceptions, risk scores) for selected or all test results.
    • Compliance Metrics: View percentage CI compliance and test results compliance on Test Groups and CIs within Vulnerability Manager Workspace and Discovered Items lists.
    • Rollup Calculator Update: Introduces an alternative method for setting rollup weights beyond scripting.
    • Quick Start Tests: Run after upgrades or new deployment to verify Configuration Compliance functionality; customizable for tailored environments.
    • UI Updates: Renaming fields and buttons (e.g., “Is deprecated” to “Is imported”, “Mark Deprecated” to “Disable Imports”) and mapping Test Groups with Tenable and Microsoft Defender Tests improve clarity.

    Key Outcomes

    • Enhanced integration with Wiz, Qualys, Tenable, and Microsoft Defender improves data import accuracy and completeness.
    • Improved remediation tracking and flexibility through customizable date calculations and bulk actions streamline vulnerability management.
    • User experience is enhanced by workspace-focused navigation, automated dashboard refreshes, and simplified system property management.
    • Risk assessments are refined by calculating risk scores on passed tests and updating remediation task risk calculations to use average risk scores.
    • Security and governance improved by restricting test result deletion privileges to a granular role rather than admin, and by excluding retired assets from active policy evaluations.
    • Deprecated UI elements such as the Reason field and Close button in remediation tasks are removed to simplify workflows in both classic and workspace interfaces.

    The ServiceNow® Configuration Compliance application enables you to prioritize and remediate the most critical configuration-related vulnerabilities in your environment quickly and efficiently. Configuration Compliance was enhanced and updated in the Xanadu release.

    Configuration Compliance highlights for the Xanadu release

    • Reevaluate the risk score, assignments, remediation target date, exceptions, and remediation task for a set of test results in Vulnerability Manager Workspace.
    • View the percentage of CI compliance and test results compliance on a Test Group in Vulnerability Manager Workspace.

    See Configuration Compliance for more information.

    Important:
    Configuration Compliance is available in the ServiceNow Store. For details, see the "Activation information" section of these release notes.

    New in the Xanadu release

    Identify Wiz Resource Types for import

    Identify the Resource Types (assets) reported by Wiz in your environment on the Wiz Integration Resource Type configuration page in your ServiceNow AI Platform instance that you want to import.

    The Resource Types that you select apply to all the primary Wiz vulnerability and compliance integrations except the Wiz Container Vulnerability Integration.

    Wiz Backfill Integrations
    Retrieve and process data stored on the Wiz Missing Assets [sn_vul_wiz_missing_asset] table for missing assets that were not processed by the primary compliance integrations with specialized Wiz Backfill Integrations.
    • Test Results Backfill Integration
    • Host Test Results Backfill Integration
    • Issues Backfill Integration

    The Wiz Backfill Integrations are activated by default.

    Wiz Host Test Result Vulnerability Integration
    Import test results associated with the resource type, VIRTUAL MACHINE with the Wiz Host Test Result Vulnerability Integration. This integration is activated by default.
    New Properties module
    Starting with v15.1 of Configuration Compliance, a new Properties module has been added to the navigation menu under the Administration section. This module enables direct modification of the values, offering a user-friendly method to manage and update system properties directly from the interface.
    Customize the calculation of Age and Age closed durations of a test result
    Starting with v15.1 of Configuration Compliance, the Age and Age Closed durations of a test result can be configured to be calculated from the date in the Created, Opened, or First Found fields.
    Associating a Qualys Test with its Test Group
    You can associate a Qualys Test with its Test Group by enabling the sn_vulc.add_policy_as_key system property. This helps you to identify the Test Group to which a Test Result belongs to and differentiate Test records with the same Test id that are associated with different Test Groups.
    Calculate the remediation target date of a remediation task with respect to the Last Opened date
    Starting with v15.1 of Configuration Compliance, you can customize the calculation of the remediation target date of a remediation task to be calculated with respect to the Last Opened date.
    Open the search results in the Vulnerability Manager Workspace or IT Remediation Workspace rather than the Classic UI
    Starting with v24.0.6 of Vulnerability Response, automatically open your search results in the Vulnerability Manager Workspace or IT Remediation Workspace rather than the Classic UI, by adjusting the application scope in the unified navigation bar to Vulnerability Manager Workspace or IT Remediation Workspace respectively. These application scopes are available to you based on your assigned role.
    Vulnerability Manager Workspace access to the sn_vulc.read role
    Starting with v24.0.6 of Vulnerability Response, as a user with the sn_vulc.read role, you can view the test results in the Vulnerability Manager Workspace.
    Navigate to the List page in the Vulnerability Manager Workspace or IT Remediation Workspace by selecting the links from the All menu
    Starting with v24.0.6 of Vulnerability Response, when you enable the 'sn_vul_cmn_ws.navigate_to_workspace' system property, selecting predefined filter links in the Configuration Compliance module from the 'All' menu will automatically open these links in the List page in the Vulnerability Manager Workspace or IT Remediation Workspace based on your role.
    Hide the record count on the lists in the Vulnerability Manager Workspace and IT Remediation Workspace
    Starting with v24.0.6 of Vulnerability Response, you can hide the record count on the lists in the List page of the Vulnerability Manager Workspace and IT Remediation Workspace by adding the table names to the glide.ui.list.seismic.omit.count system property.
    Enable automatic refresh for the Home page dashboard in the Vulnerability Manager Workspace
    Starting with v24.0.6 of Vulnerability Response, when creating and editing filters on the Configuration Test Results tab on the Home page of the Vulnerability Manager Workspace, you can configure the widgets to refresh automatically. Otherwise, you can manually refresh the widgets by selecting the Refresh button on the Configuration Test Results tab.
    Re-evaluating remediation properties for all records in the Vulnerability Manager Workspace
    Starting with v24.0.6 of Vulnerability Response, you can evaluate the remediation properties for all the test results from the Configuration Test Results list by selecting the All items in the Record selection field of the Re-evaluate remediation properties modal in the Vulnerability Manager Workspace.
    Re-evaluate remediation properties for test results in the Vulnerability Manager Workspace
    Select the test results conditionally for reevaluating the following remediation properties in Vulnerability Manager Workspace:
    • Assignments
    • Remediation tasks
    • Remediation target date
    • Exceptions (Vulnerability Response v24.0.6)
    • Risk score
    Using bulk edit for test results in the Vulnerability Manager Workspace
    Perform the following tasks on multiple test results simultaneously or a remediation task in Vulnerability Manager Workspace:
    Populating additional information for the test results
    The Age, Age closed, Closed date, Active, and Last open date columns have been added in the test results table.

    The test results that aren’t in the Closed state are marked as true in the Active field. The Active field replaces the Result and State fields in the filter conditions of the default-saved filters across the All menu, Configuration Compliance Overview, Unified, Cybersecurity Executive, and Health dashboards.

    CI compliance and test results compliance on a Test Group in the Vulnerability Manager Workspace
    View the percentage of CI compliance and test results compliance on a Test Group in Vulnerability Manager Workspace.
    Enabling or disabling the test results import for a Qualys test group in the Vulnerability Manager Workspace
    Enable or disable the import of test results for a Qualys test group in Vulnerability Manager Workspace.
    Updating Rollup weights section in the roll up calculators
    Other than the script format, an alternative approach of adding the weights in the Rollup Weights section for the rollup calculators has been introduced.
    Percentage test result compliance in the Discovered Items table
    The percentage of test results compliance of a CI is populated in the % Test Results Compliance column of the Discovered Item. To populate this value in the % Test Results Compliance column, set calcTRComplianceForCI to true in the Update remediation metrics scheduled job.
    Quick Start Tests for Configuration Compliance

    After upgrades and deployments of new applications or integrations, run quick start tests to verify that Configuration Compliance works as expected. If you customized Configuration Compliance, copy the quick start tests and configure them for your customizations.

    UI changes

    Renamed the Is deprecated field in the Test Group form
    The Is deprecated field in the Test Group form is renamed to Is imported.
    Renamed the Mark Deprecated button to Disable imports in the Test Group form
    The Mark Deprecated button in the Test Group form is renamed to Disable Imports.
    Test Group mapping with Tests for Tenable and Microsoft Defender integrations
    The test groups are mapped with the Tests associated with the Tenable and Microsoft Defender integrations.
    View the test result compliance percentage of a CI in the Discovered Items list
    The percentage of the test results that are compliant with the tests associated with a Configuration Item (CI) is populated in the % Test Results Compliance column of the Discovered Item list. To populate this value in the % Test Results Compliance column, set the calcTRComplianceForCI parameter to true in the Update remediation metrics scheduled job.

    Changed in this release

    Test result and remediation task state transitions
    Enhancements to policy audits for Security Posture Control verify that retired assets are not evaluated by activated policies. If the state of an asset transitions from Retired back to Active, it is included in the next policy evaluation.
    Non-zero risk score for passed test results
    The risk score is calculated for passed test results to determine how much risk is mitigated.
    Deprecated the privilege to delete a test result for the Admin role
    As an admin with the sn_vulc.admin role, you can’t delete a test result. This privilege is now given to the sn_vulc.delete granular role.
    Updates to the Risk Score calculation for a Remediation Task
    The average risk score of all the test results in a Remediation Task is considered for the risk score calculation of a Remediation task.

    Removed in this release

    • The Reason field in the Resolve modal has been removed for a remediation task in the classic UI, Vulnerability Manager Workspace, and IT Remediation Workspace.
    • The Close button has been removed for a remediation task, in the classic UI, Vulnerability Manager Workspace, and IT Remediation Workspace.