Cloud Configuration Governance Policy form
Summary of Cloud Configuration Governance Policy form
The Cloud Configuration Governance Policy form in ServiceNow enables customers to define and manage policies that govern cloud resource configurations. It provides detailed fields to specify the cloud provider, resource type, policy type, and how policy violations are reported. This form helps ensure cloud resources comply with organizational standards by allowing customers to create, customize, and enforce governance policies effectively.
Key Features
- Policy Identification: Define a unique policy name and provide a brief description to identify the governance rule.
- Resource Specification: Select the cloud provider and the specific cloud resource type to be scanned. If a required resource type is missing, customers can create new resource types to extend coverage.
- Policy Conditions:
  - Support for multiple policy creation methods:
    - Condition Builder: A no-code interface for defining conditions using logical operators (AND, OR) with key-value pairs.
    - Integration Hub Flow: A low-code approach leveraging Integration Hub flows and configuration keys.
    - Script: A code-based method allowing advanced scripting with reusable script includes to implement complex policy logic.
  - Access to a list of available configuration keys for the selected resource type to build precise conditions.
  - Logical syntax support for defining compliance checks.
- Audit Violation Reporting:
  - Define how violations are reported by linking to a Violation Definition, which includes the violation name, severity, and description.
  - If needed, customers can create new violation definitions directly from the form.
  - The policy can specify severity levels, defaulting to the violation definition’s severity if none is selected.
  - Note that custom audit result records created through scripting bypass the standard audit violation reporting settings.
What This Enables for ServiceNow Customers
ServiceNow customers can use the Cloud Configuration Governance Policy form to enforce cloud resource compliance consistently across multiple cloud providers and resource types. By leveraging no-code, low-code, and code-based policy creation methods, customers gain flexibility to meet simple to complex governance requirements. The integrated audit violation reporting ensures that non-compliant configurations are tracked and managed with appropriate severity, supporting continuous cloud security and governance practices.
The Cloud Configuration Governance Policy form displays detailed information about the policy such as cloud provider, resource type, policy type, and policy violation reporting settings.
| Field | Description |
|---|---|
| Policy name | Name that uniquely identifies the policy. |
| Description | Brief description of the policy. |
Resource type
Define the resource type for which you want to create the policy.
| Field | Description |
|---|---|
| Cloud provider | Cloud that hosts the resources to be scanned. |
| Resource type | Cloud resource type to be scanned through the policy. If the required resource type is not available, you can create a resource type. For more information, see Create a resource collector. |
Policy condition
Define the policy type and the non-compliant resource configuration.
| Field | Description |
|---|---|
| Type | Cloud Configuration Governance supports the following types: Select the show available keys icon ( |
| Condition | Conditions for reporting the non-compliant cloud resource configuration. Always specify the key and value in a pair. Use the OR operator and the AND operator to perform logical operations in the policy condition. Syntax For example, This field appears only when Condition Builder is selected from the Type field. |
| Configuration key | Configuration keys for the policy. This field appears only when Integration Hub Flow is selected from the Type field. |
| Integration flow | The appropriate Integration Hub flow. This field appears only when Integration Hub Flow is selected from the Type field. |
| Condition script | Script that implements the policy conditions to identify and report the policy violations. Cloud Configuration Governance contains several scriptable objects and variables for use in the policy scripts. For more information, see Scripting reference. You can create script includes to externalize the decision making and reuse the code across different scripts. For more information on creating the script includes, see Script includes. Note: If you create a custom audit result record through the script, then the Audit Violation Reporting configuration defined in the policy doesn’t take effect. This field appears only when Script is selected from the Type field. |
Audit violation reporting
Define how Cloud Configuration Governance reports the policy violation.
| Field | Description |
|---|---|
| Report violation as | Violation definition to be included in the audit violation report. Cloud Configuration Governance uses the violation definition to report the policy non-compliances. If an appropriate violation definition is not available, you can create one as follows: |
| Severity | Severity level of the violation. If you do not select the severity level in the policy, Cloud Configuration Governance uses the default severity defined in the violation definition. |