Using the Security Posture Control workspace

  • Release version: Zurich
  • Updated August 18, 2025

    The Security Posture Control workspace contains the modules you use for configuring, using, and monitoring the imported data about your assets.

    Roles

    SPC Admin Group
    Users in this group have full read and write access to all the records for the product, including licensing information. Granular roles for this group include: [sn_sec_caasm.analyst, sn_sec_caasm.caasm_security_admin, and sn_sec_spc_core.configure].
    SPC Analyst Group
    Users in this group have full read and write access to all the records for the product but cannot view licensing information. Granular roles for this group include [pa_power_user and sn_sec_spc_core.analyst].
    SPC Analyst Read Only Group
    Users in this group have full read access to all the records for the product but cannot view licensing information. Granular roles for this group include [pa_power_user, sn_sec_spc_core.analyst_read, sn_sec_caasm.read, and cmdb_ms_user].
    Supporting application roles
    The following roles are required by the applications that support SPC and Asset Security Posture Management.
    • Configuration Compliance Admin [sn_vulc.admin] - Configures the Configuration Compliance application, has visibility to all records, and can modify properties. Assigns roles in the Configuration Compliance application.
    • Vulnerability Response Admin [sn_vul.admin] - Configures the Vulnerability Response application and the vulnerability risk calculators.
    • MID Server [mid_server] - Configures a MID Server.

    The modules of the workspace

    To access the workspace, navigate to Workspaces > Security Posture Control. The Home (landing page) is displayed. The Security Posture Control workspace contains the following modules.

    Table 1. Modules (each module name is followed by its description)
    Home

    View data visualizations and other information in the Overview, Key insights, and Key use case coverage sections to help you monitor your assets.

    The information on this page lets you report the status of your overall security posture to IT staff, IT and security managers, and other key stakeholders.

    See Key insights and configured insights for Security Posture Control and Policies for Security Posture Control.

    Configured insights

    View the data visualizations about your assets that you create, configure, and activate.

    See Key insights and configured insights for Security Posture Control.

    Asset search

    Quickly search for assets in your environment based on conditions you set.

    Verify that you can locate assets with a set of conditions before you commit those conditions to a policy. You can refine these searches so you get a preview of assets that meet your search criteria. When you are ready, you can save your conditions as a policy.

    See Create an asset search in Security Posture Control.
    Asset profiles

    Create and define asset profiles to monitor different categories of devices with your SPC policies. Incorporate your asset profiles into your policies so you can run policies for specific types of assets. Filter the insights in the Configured Insights dashboard so they are based on your asset profiles.

    See Create an asset profile in Security Posture Control.
    Policies and findings

    Create, clone, edit, and activate policies. There are policies that are included with the application, and you can create your own.

    Policies audit your assets to find matches for potential violations. Insights, visualizations, and use cases depend on policies. See Policies for Security Posture Control.

    Assets that match policy conditions are reported as Findings and are mapped to the Configuration Compliance application for remediation. See Security Posture Control: Configuring and viewing your findings.
    Connectors and use cases setup

    Activate and view the status of installed Service Graph Connectors (SGCs) and API integrations. Service Graph Connectors and API integrations are the sources you use for importing data about your assets. A wide variety of SGCs is supported and available from the ServiceNow® Store.

    Set up and monitor key use cases. Use cases are different scenarios that you configure to help you identify specific types of tool coverage gaps. Each use case requires a policy or policies to audit your assets for potential violations.

    See Use cases, policy examples, and supported service graph connectors in Security Posture Control.

    Custom insight builder

    Create your own data visualizations. Custom insights provide you with visual reports that are updated by the audit results of your policies and imported data.

    Once you activate them, your custom insights are displayed on the dashboard in the Configured insights module. You can determine where data for an insight is displayed on the dashboard by using Groups.

    See Create and activate a configured insight for Security Posture Control.

    Using the modules of the workspace to identify gaps in tool coverage

    Identifying security tool gaps requires you to perform the following steps.

    1. Set up and activate API connections to the tools you use in the various security categories. Service Graph Connectors for supported products, available from the ServiceNow® Store under separate subscriptions, provide the required API connections. For more information about the supported Service Graph Connectors, see Service Graph Connectors for Security Posture Control and Service Graph Connectors.
    2. Perform one or more asset searches based on specific criteria to get an inventory of the assets you want to audit.
    3. Activate the policies shipped with the Security Posture Control application. You can also create your own policies, based on the results of your asset searches, and activate them.
    4. Create and activate your own configured insights to help you monitor your assets.
    5. To see which threats to your assets are mitigated by the available mitigation controls, based on how your security tools are configured, see Using mitigation controls monitoring with Security Posture Control.
    6. Set up rules in the Configuration Compliance application to automate the remediation workflow.

    Once policies are active, the Security Posture Control product finds security tool gaps by performing the following tasks:

    1. Identifies the list of all unique assets populated in the CMDB by the various Service Graph Connectors.
    2. From this asset pool, identifies the assets that are not reported by a specific category, for example, Endpoint Protection. Which assets are evaluated, and which category they must be reported by, is determined by the active policy that is being evaluated.
    3. Reports the assets that are not covered by the category as Findings (also shown as Test Results) in the Configuration Compliance application.

    The Configuration Compliance application can then automatically assign the Findings to the responsible teams for remediation.
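    The steps above describe the gap evaluation in terms of the workspace. The Python below is an added illustration of the same logic with plain data structures; it is not Security Posture Control code and uses no ServiceNow API. The connector names, the category names, the hostname-based correlation key, the policy definitions and the sample records are all constructed for the example. It builds the pool of unique assets across every connector (task 1), evaluates each policy's asset profile and required category against that pool (tasks 2 and 3), and routes the resulting findings by owning team, which is what the hand-off to Configuration Compliance accomplishes.

```python
from collections.abc import Callable
from dataclasses import dataclass, field


@dataclass(frozen=True)
class ConnectorRecord:
    """One asset record as a connector or API integration imported it (constructed)."""
    connector: str      # assumed connector name, e.g. "SGC-EDR"
    category: str       # tool category that connector represents
    hostname: str
    os: str
    owner_group: str    # team that would receive a finding for this asset


@dataclass
class Asset:
    """One unique asset in the pool, with the categories that reported it."""
    key: str
    os: str
    owner_group: str
    reported_by: dict[str, set[str]] = field(default_factory=dict)  # category -> connectors


@dataclass(frozen=True)
class Policy:
    """'Assets matching the profile must be reported by required_category'."""
    name: str
    required_category: str
    profile: Callable[[Asset], bool]   # the asset profile condition


@dataclass(frozen=True)
class Finding:
    policy: str
    asset: str
    missing_category: str
    assignment_group: str


def normalize_key(hostname: str) -> str:
    # Assumed correlation key: short hostname, lower-cased. Tools report the same
    # machine as "WEB01", "web01.corp.example", ...; if two records are not folded
    # into one asset, one copy reports a gap that does not exist.
    return hostname.strip().lower().split(".")[0]


def build_inventory(records: list[ConnectorRecord]) -> dict[str, Asset]:
    """Task 1: the pool of all unique assets across every connector."""
    assets: dict[str, Asset] = {}
    for r in records:
        key = normalize_key(r.hostname)
        asset = assets.setdefault(key, Asset(key, r.os, r.owner_group))
        asset.reported_by.setdefault(r.category, set()).add(r.connector)
    return assets


def evaluate_policy(policy: Policy, assets: dict[str, Asset]) -> list[Finding]:
    """Tasks 2 and 3: in-profile assets missing the required category become findings."""
    return [
        Finding(policy.name, a.key, policy.required_category, a.owner_group)
        for a in sorted(assets.values(), key=lambda x: x.key)
        if policy.profile(a) and policy.required_category not in a.reported_by
    ]


def group_for_remediation(findings: list[Finding]) -> dict[str, list[Finding]]:
    """Route each finding to the owning team, as the remediation hand-off would."""
    routed: dict[str, list[Finding]] = {}
    for f in findings:
        routed.setdefault(f.assignment_group, []).append(f)
    return routed


# Constructed sample import: an IT inventory connector, an endpoint protection
# (EDR) connector and a vulnerability scanner connector. All names are made up.
SAMPLE_RECORDS = [
    ConnectorRecord("SGC-Inventory", "Inventory", "web01", "Windows Server 2022", "Windows Platform"),
    ConnectorRecord("SGC-Inventory", "Inventory", "db01", "RHEL 9", "Database Ops"),
    ConnectorRecord("SGC-Inventory", "Inventory", "app02", "Windows Server 2019", "Windows Platform"),
    ConnectorRecord("SGC-Inventory", "Inventory", "lap-1234", "Windows 11", "Endpoint Engineering"),
    ConnectorRecord("SGC-EDR", "Endpoint Protection", "WEB01.corp.example", "Windows Server 2022", "Windows Platform"),
    ConnectorRecord("SGC-EDR", "Endpoint Protection", "LAP-1234", "Windows 11", "Endpoint Engineering"),
    ConnectorRecord("SGC-EDR", "Endpoint Protection", "legacy-fs", "Windows Server 2012 R2", "Windows Platform"),
    ConnectorRecord("SGC-VulnScanner", "Vulnerability Scanning", "web01", "Windows Server 2022", "Windows Platform"),
    ConnectorRecord("SGC-VulnScanner", "Vulnerability Scanning", "db01", "RHEL 9", "Database Ops"),
    ConnectorRecord("SGC-VulnScanner", "Vulnerability Scanning", "app02", "Windows Server 2019", "Windows Platform"),
]

# Two constructed policies: one scoped by an asset profile (Windows only), one global.
POLICIES = [
    Policy("Windows assets must have endpoint protection", "Endpoint Protection",
           profile=lambda a: a.os.startswith("Windows")),
    Policy("All assets must be vulnerability scanned", "Vulnerability Scanning",
           profile=lambda a: True),
]


def run_example() -> dict[str, list[str]]:
    """Evaluate every policy against the sample pool; returns policy name -> asset keys."""
    assets = build_inventory(SAMPLE_RECORDS)
    return {p.name: [f.asset for f in evaluate_policy(p, assets)] for p in POLICIES}


if __name__ == "__main__":
    pool = build_inventory(SAMPLE_RECORDS)
    all_findings = [f for p in POLICIES for f in evaluate_policy(p, pool)]
    for team, items in group_for_remediation(all_findings).items():
        print(team, [(f.asset, f.missing_category) for f in items])
```

    Two results are worth noting. The EDR connector reports WEB01.corp.example while the inventory connector reports web01; without the normalization in normalize_key they would be two assets, and web01 would be reported as missing endpoint protection even though it is covered. That is the kind of result to check with Asset search before you activate a policy. The second is legacy-fs, a host known only to the EDR tool: the pool is the union of everything the connectors report, not only the IT inventory, so it surfaces as never scanned for vulnerabilities.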

    Creating your own policies

    See Creating your own policies in the Security Posture Control application for more information about how to create your own policies.

    See Create and activate custom policies for Security Posture Control for more information about the steps required to create a policy.

    For example policies, see Examples of base, child, and cloned policies for Security Posture Control.