Configuration Compliance release notes

  • Release version: Zurich
  • Updated December 9, 2025

    The ServiceNow® Configuration Compliance application enables you to prioritize and remediate the most critical configuration-related vulnerabilities in your environment quickly and efficiently. Configuration Compliance was enhanced and updated in the Zurich release.

    Configuration Compliance highlights for the Zurich release

    • If you are currently using Configuration Compliance and you want to upgrade to Unified Security Exposure Management (USEM), see Unified Security Exposure Management release notes for more information about USEM and the Unified Security Exposure Management migration.
    • Import Wiz issues and configuration test results from the Wiz scanners into test results in the Configuration Compliance application with the Vulnerability Response Integration with Wiz.
    • With the sn_vulc.remediation_owner role, create remediation tasks manually in the IT Remediation Workspace.
    • With the sn_vulc.admin role, create remediation tasks manually in the Vulnerability Manager Workspace.

    See Configuration Compliance for more information.

    Important:
    Configuration Compliance is available in the ServiceNow Store. For details, see the "Activation information" section of these release notes.

    Important information for upgrading Configuration Compliance to Zurich

    If you are currently using Configuration Compliance and you do not intend to upgrade to Unified Security Exposure Management (USEM), install a version of Configuration Compliance below v30.x, and apply the same limit when you upgrade supported third-party integration applications.

    The Missing Assets [sn_vul_wiz_missing_asset] table used for storing assets imported by the backfill integrations for the Vulnerability Response Integration with Wiz is deprecated. If you are currently using the Vulnerability Response with Wiz integrations, after updating to version 1.1, you must backdate any of your existing Wiz primary integrations by three days and run them. Please review more information about the Wiz integration at SecOps articles on the Security Operations Community.

    For more information about the released versions of the Vulnerability Response application as well as the third-party and ServiceNow applications that are compatible with the Zurich release, see the Vulnerability Response Compatibility Matrix and Release Schema Changes [KB0856498] article in the Now Support Knowledge Base.

    New in the Zurich release

    Remediation task rule execution mode
    You can now choose how remediation task rules are evaluated during ingestion. The new Match First execution mode evaluates rules sequentially and applies only the first matching rule, assigning each finding to exactly one remediation task. The default Match All mode continues to evaluate all applicable rules.
    Optimized Tenable.io Compliance Results ingestion
    Starting with v6.1.3, the Tenable.io Compliance Results Integration is replaced by the Tenable.io Fixed Compliance Results Integration and Tenable.io Open Compliance Results Integration. Compliance results are now imported based on their status, optimizing ingestion performance and scalability for environments with large volumes of compliance data while keeping remediation and compliance tracking aligned with the current state of findings.
    Qualys Integration – API enhancements
    Qualys Integration has been upgraded to support newer Qualys API versions across Host Detection, Host List, Knowledgebase, PC Controls, PC Policies, and PCRS integrations. The integrations now ingest additional data fields, including vulnerability detection source, authentication privilege status, active status for controls and policies, and cloud metadata, giving you better visibility into your vulnerability and compliance data. Use the new posture_api_version integration instance parameter to choose between the default v2.0 APIs or the newer v5.0 streaming APIs for the PCRS Policy Host and PCRS Test Results integrations.
    Unified Microsoft Defender Integration for Security Exposure Management
    The Microsoft Defender for Cloud and Microsoft Defender Threat and Vulnerability Management (MS TVM) plugins are now consolidated into a single plugin: Microsoft Defender Integration for Security Exposure Management. This consolidation deprecates the standalone Microsoft Defender for Cloud plugin. The unified plugin also introduces container image vulnerability ingestion from Microsoft Defender for Cloud, creating Container Vulnerable Items on your instance. A guided migration path is available to transfer existing data from the deprecated applications to the unified plugin.
    Enhancements to the Vulnerability Response Integration with Wiz

    The Missing Assets [sn_vul_wiz_missing_asset] table is deprecated. After updating to version 1.1, you must backdate your existing primary Wiz integrations by three days and run them.

    The backfill integrations are activated by default.

    After you backdate and run your integrations, the following backfill integrations are no longer required:
    • Host Vulnerability Backfill Integration
    • Test Results Backfill Integration
    • Host Test Results Backfill Integration
    • Issues Backfill Integration

    The [is_ignored] column is deprecated for the Host Test Results and Test Results Integrations. This column was replaced by the [is_result_ignored] column.

    Source severity is mapped to the Priority column on the Test Results [sn_vulc_result] table.

    Resource type filters are on the Test Results, Issues, and Host Test Results configuration tabs on the Wiz Configuration page. You can add any of the resource types listed.
    Note:

    If you configure resource types on the Resource Type Configuration tab, and you choose to configure parameters on the integration instance records, your configurations on integration instance take precedence over your settings on the Resource Type Configuration tab. See Identify Wiz Resource types for more information.

    Additional attributes imported from Wiz that are not stored in the Discovered items [sn_sec_cmn_src_ci] table are stamped with Asset Attributes in this table.

    Test results from the Host misconfiguration integration are classified as result type 'host_misconfiguration'.

    Data for resources that have the validated_at_runtime flag set to 'yes' is imported and populated on detections.

    The CMDB internet-facing field on the discovered item is mapped to Limited Internet Exposure on findings.

    Column length for the descriptions in the Host Vulnerability import table has been increased.

    Qualys parameter to ignore passed test results
    Starting with v15.2.5 of Configuration Compliance, the ignore_passed_result integration instance parameter for the Qualys Integration for Security Operations has been added.

    This parameter is set to false by default so that passed test results imported by Qualys are not ignored.

    Set the parameter to true to ignore passed test results on import.
    Note:
    If activated, this parameter does not impact closure of the test results. For example, if you activate the parameter, and a failed test result from a previous import has since passed, it will be closed correctly.
    Identify Wiz Resource Types for import

    On the Wiz Integration Resource Type configuration page in your ServiceNow AI Platform instance, identify the Resource Types (assets) reported by Wiz in your environment that you want to import.

    The Resource Types that you select apply to all the primary Wiz vulnerability and compliance integrations except the Wiz Container Vulnerability Integration.

    Wiz Backfill Integrations
    With the specialized Wiz Backfill Integrations, retrieve and process data stored on the Wiz Missing Assets [sn_vul_wiz_missing_asset] table for missing assets that were not processed by the primary compliance integrations:
    • Test Results Backfill Integration
    • Host Test Results Backfill Integration
    • Issues Backfill Integration

    The Wiz Backfill Integrations are activated by default.

    Wiz Host Test Result Vulnerability Integration
    Import test results associated with the VIRTUAL MACHINE resource type with the Wiz Host Test Result Vulnerability Integration. This integration is activated by default.
    The Wiz Configuration Compliance (Test Results) and Issues Integrations
    • Import configuration test results with the Wiz Configuration Compliance Integration (Wiz Test Results) to detect non-compliant cloud configurations. Findings are mapped to cloud test results (CTRs) in the Configuration Compliance application to help you enforce security policies and standards across your cloud environment.
    • Import data with the Wiz Issues Integration that can help you identify assets that are involved in toxic combinations of vulnerabilities and misconfigurations. These findings are also mapped to CTRs with Wiz Issues labeled as the source to help you track and remediate assets that may pose complex multi-vector risks.

    Changed in this release

    Remediation task rule execution mode
    You can now choose how remediation task rules are evaluated during ingestion. The new Match First execution mode evaluates rules sequentially and applies only the first matching rule, assigning each finding to exactly one remediation task. The default Match All mode continues to evaluate all applicable rules.
    Qualys Integration – API enhancements
    Qualys Integration has been upgraded to support newer Qualys API versions across Host Detection, Host List, Knowledgebase, PC Controls, PC Policies, and PCRS integrations. The integrations now ingest additional data fields, including vulnerability detection source, authentication privilege status, active status for controls and policies, and cloud metadata, giving you better visibility into your vulnerability and compliance data. Use the new posture_api_version integration instance parameter to choose between the default v2.0 APIs or the newer v5.0 streaming APIs for the PCRS Policy Host and PCRS Test Results integrations.
    Optimized Tenable.io Compliance Results ingestion
    Starting with v[VERSION], the Tenable.io Compliance Results Integration is deprecated and replaced by the Tenable.io Fixed Compliance Results Integration and Tenable.io Open Compliance Results Integration. Compliance results are now imported based on their status, optimizing ingestion performance and scalability for environments with large volumes of compliance data while keeping remediation and compliance tracking aligned with the current state of findings.
    Configure Tenable test result granularity
    Starting with v15.6.1, you can configure the granularity of Tenable Configuration Test Results (CTRs) to split results into unique findings. For example, if a database has five instances, the system generates five distinct test results, one per instance, providing improved visibility into individual patching efforts.
    Configure Qualys Test Result Granularity
    Starting with v15.4.3, you can configure the granularity of Qualys Configuration Test Results (CTRs) in Configuration Compliance and split CTRs into unique findings. For example, if a database has five instances, the system generates five distinct test results, one per instance, providing improved visibility into individual patching efforts.
    Configure maximum rows in related lists
    To improve readability and performance, you can now limit the number of rows shown in related lists on forms by setting the system property sn_vul_cmn.related_list.set_max_row.
    Improved state management for remediation tasks and vulnerable items
    State management logic for roll down of state from remediation tasks (RTs) to findings and roll up of state from findings to RTs has been refined across all modules. Updates improve accuracy by handling mixed item states (a combination of Deferred and Closed), supporting closure of tasks in sub-states like In-Review, and reopening tasks based on the Assigned To field. The update also improves handling of False Positive state transitions based on scanner results as the source of truth. These enhancements reduce manual effort, clarify task ownership, and streamline remediation workflows.
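
The Match First and Match All modes from the "Remediation task rule execution mode" entry above, modeled as an added example (not ServiceNow code). The rule and finding objects, the mode names and the sample data are constructed for illustration; the model shows that Match All can place one finding in several remediation tasks, and that under Match First an earlier broad rule can leave a later rule with nothing.

```javascript
// Illustrative model only. Rule/finding shapes and mode names are hypothetical, not the ServiceNow schema.
const rules = [ // array order stands in for the sequential evaluation order
  { name: 'PCI servers', matches: (f) => f.tags.includes('pci') },
  { name: 'Critical priority', matches: (f) => f.priority === 1 },
  { name: 'Linux hosts', matches: (f) => f.os === 'linux' },
];

const findings = [ // constructed sample test results
  { id: 'TR-1', priority: 1, os: 'linux', tags: ['pci'] },
  { id: 'TR-2', priority: 3, os: 'linux', tags: [] },
  { id: 'TR-3', priority: 1, os: 'windows', tags: [] },
  { id: 'TR-4', priority: 4, os: 'windows', tags: [] },
];

// Group findings into remediation tasks, one task per rule that fires.
function groupFindings(findings, rules, mode) {
  if (!['match_first', 'match_all'].includes(mode)) throw new Error(`unknown mode: ${mode}`);
  const tasks = new Map(); // rule name -> ids of the findings it collected
  const unassigned = [];   // findings no rule matched
  for (const f of findings) {
    let hit = false;
    for (const rule of rules) {
      if (!rule.matches(f)) continue;
      hit = true;
      if (!tasks.has(rule.name)) tasks.set(rule.name, []);
      tasks.get(rule.name).push(f.id);
      if (mode === 'match_first') break; // stop at the first matching rule
    }
    if (!hit) unassigned.push(f.id);
  }
  return { tasks: Object.fromEntries(tasks), unassigned };
}

// Findings that appear in more than one task (only possible under Match All).
function duplicated(result) {
  const counts = {};
  for (const ids of Object.values(result.tasks)) {
    for (const id of ids) counts[id] = (counts[id] || 0) + 1;
  }
  return Object.keys(counts).filter((id) => counts[id] > 1).sort();
}

// Rules that fire under Match All but receive nothing under Match First,
// because an earlier rule claims every finding they match.
function shadowedRules(findings, rules) {
  const all = groupFindings(findings, rules, 'match_all').tasks;
  const first = groupFindings(findings, rules, 'match_first').tasks;
  return Object.keys(all).filter((name) => !(name in first));
}
```

Running `shadowedRules` against a sample of real findings before switching an instance to Match First shows which existing rules would stop producing tasks under the current rule order.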

    Activation information

    Install Configuration Compliance and third-party integrations by requesting them from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Accessibility information

    Dark theme
    The new Coral theme includes a dark theme option for web and mobile experiences. This option is commonly used to alleviate eye strain and improve readability.