DevOps Accelerator plugin
Summary of DevOps Accelerator plugin
The DevOps Accelerator plugin is an application designed for ServiceNow customers to evaluate compliance with DevOps policies and Governance, Risk, and Compliance (GRC) control objectives. It integrates with the Policy as a Code Engine (PaCE) to map control objectives from various regulations and standards—including CIS controls, NIST 800-53, ISO 27002, PCI DSS—against DevOps policies. This integration helps DevOps managers monitor compliance status, visualize evidence from PaCE executions, and manage exceptions effectively.
Important: The DevOps Accelerator plugin is deprecated, no longer supported, and not available for new activations. Customers should refer to the official deprecation documentation for further details.
Key Features
- Control Objective Mapping: The plugin maps control objectives from multiple GRC frameworks to DevOps policies provided by the DevOps Config Policy Content Pack.
- Integration with GRC Plugins: It depends on several GRC plugins—Cybersecurity Controls Accelerator (CIS), Unified Compliance Framework (UCF), and Continuous Authorization and Monitoring (CAM)—to provide comprehensive compliance data.
- Data Management: The relationships between control objectives and PaCE policies are stored in the Control objective to items table, linking control objectives with corresponding DevOps policies.
- Staging and Processing: Mapping data is initially loaded into a staging table in a Pending state. A scheduled daily job processes this data, moving valid records into the main mapping table and updating their status to Processed.
Practical Considerations for ServiceNow Customers
- Ensure the prerequisite plugins are installed, including the DevOps Config Policy Content Pack and relevant GRC plugins, to have complete control objective data available.
- Understand that if key GRC plugins are missing, some control objective data will not be available in your instance.
- Be aware that not all GRC control objectives will map to every PaCE policy, so compliance coverage may vary.
- Automated jobs handle the synchronization of control objective-policy mappings, reducing manual effort in maintaining compliance relationships.
- Since the plugin is deprecated, evaluate alternative approaches for DevOps compliance and policy integration to ensure ongoing support and updates.
GRC: DevOps Accelerator is an application that enables your customers to evaluate compliance for DevOps policies and GRC control objectives by integrating with Policy as a Code Engine (PaCE).
GRC: DevOps Accelerator (com.sn_grc_devops) plugin maps the control objectives drawn from regulations, standards, and frameworks, such as CIS controls, NIST 800-53, ISO 27002, PCI DSS, and others with DevOps Policy as a Code Engine (PaCE). The DevOps policies are provided by the DevOps Config Policy Content Pack.
With this integration you can evaluate the compliance status. The integration also enables the DevOps managers to monitor control compliance, visualize evidence of PaCE execution, and manage exceptions.
Pre-requisites for DevOps Accelerator
- Hierarchy of PaCE-related plugins and CDM-related plugins.
- DevOps Config Policy Content Pack provided by PaCE.
- GRC plugins: GRC: Cybersecurity Controls Accelerator, GRC: Compliance UCF, and GRC: Continuous Authorization and Monitoring.
Populating control objective and PaCE mapping data from the instances to staging table
- Control objective to items mapping table
- As part of DevOps accelerator, the mapping relationships between control objectives and PaCE policies are shipped to the customers. The relationship is captured in Control objective to items [sn_compliance_control_objective_item] table, where the Control objective column and Item record column, which is the PaCE policy, list the data.
For CAM and CIS, the sys IDs of the control objectives map with the DevOps policy sys IDs. However, for UCF the source ID of the control objective imported from the Shared List is mapped with the DevOps policy sys ID.
The data in the DevOps policy to control objective staging [sn_grc_devops_policy_control_objective_staging] table is shipped in Pending status. The data is populated in the staging table based on the applications that are installed in the instance. The data is not processed if the control objective and the PaCE policy do not exist in the instance.
Scheduled job to move data from the staging to the main table
A daily job (Import DevOps policy to Control Objective mapping from staging) runs after the applications and the DevOps accelerator are installed to add the records to the Control objective to items [sn_compliance_control_objective_item] table. If the record is successfully added to the mapping table, then the status of the record in the staging table moves to Processed. If a control objective is not populated or present in the application, then the record is not processed and remains in Pending status.