Policies included with the Security Posture Control application

  • Release version: Zurich
  • Updated August 18, 2025

    The Security Posture Control application includes a few policies that are tied to important use cases and are shown as key insights on the dashboard on the landing page (Home module) in the SPC Workspace.

    Viewing policies

    To view these policies, navigate to Workspaces > Security Posture Control > Policies and findings > All.

    These policies are deactivated by default. You must activate them before you can view returned results (Findings). You cannot edit these policies, but you can use them to help you create other policies by cloning their conditions as a starting point. See Clone a policy or create a child policy in Security Posture Control for more information.

    You can clone these policies to create your own custom policies. Note that cloned policies are not reflected on the dashboard on the Home landing page alongside the key insights that are included with the application. However, you can configure findings for these cloned policies and see the results they return.

    You can configure custom insights or reports for the cloned policies or, alternatively, configure findings for these cloned policies to manage remediation. You can also create your own custom policies from scratch to monitor security controls coverage according to your internal requirements.

    The policies shipped with the application include the following categories:
    • Policies that monitor security controls coverage (endpoint protection and vulnerability scanner).
    • Policies that identify unmanaged devices.
    • Policies that monitor toxic combinations, which are critical combinations of conditions such as missing security controls, internet exposure, and so on.
    • Policies for SPC API Integrations for Mitigation Controls Monitoring.

    After you clone and activate any policies you create, you must create your own custom insight record on the Custom insight builder module in the workspace (the last module in the navigator panel). Only then can you view the data from your policies on the Custom insights dashboard (the second icon from the top in the workspace).

    Policies and asset profiles included with the application

    Get insights into your overall security posture and configuration gaps in your security tools using the policies and asset profiles that are included with the application. Activate these asset profiles and policies in the Security Posture Control workspace so that you can identify gaps in configuration or coverage of the following tools:

    • CrowdStrike
    • Microsoft Intune, Defender, and SCCM
    • HCL BigFix
    • Qualys
    • Rapid7

    Creating your own policies

    See Creating your own policies in the Security Posture Control application for more information about how to create your own policies.

    For example policies, see Examples of base, child, and cloned policies for Security Posture Control.

    See Create and activate custom policies for Security Posture Control for more information about the steps required to create a policy.

    See Mitigation controls policies for more information about policies used for mitigation controls monitoring.