Setting up, installing, and configuring the Configuration Compliance application

  • Release version: Zurich
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Setting up, installing, and configuring the Configuration Compliance application

    The Configuration Compliance application must be downloaded and installed from the ServiceNow® Store before use in your ServiceNow AI Platform® instance. It requires a separate subscription and specific setup steps to ensure smooth installation and proper configuration. This guide applies to the Zurich release version and outlines essential prerequisites and integration requirements.

    Show full answer Show less

    Key Setup Requirements

    • Required Roles: Installation and configuration require the System Administrator [admin] role to install the app and assign the Configuration Compliance Admin [snvulc.admin] role. The Configuration Compliance Admin manages configuration and result verification. The Remediation Owner [snvulc.remediationowner] role is for users who read and update assigned records and is assigned automatically to users with the itil role.
    • Third-Party Scanner Integration: To remediate configuration items, you must install at least one supported third-party scanner integration and complete a network scan. Vulnerability Response must be installed and activated prior to configuring these integrations.
    • Subscription Verification: Confirm that required integrations and subscriptions are active by navigating to Subscription Management > Subscriptions within your instance.
    • Qualys Vulnerability Integration: If using Qualys integration, ensure API credentials are correctly set in the Setup Assistant under Vulnerability Response. Credentials must be updated if they differ from existing ones.

    Next Steps

    After completing the setup checklist and verifying prerequisites, proceed to install the Configuration Compliance application. This ensures your instance is correctly prepared for compliance scanning and remediation tasks.

    Before you run the application in your ServiceNow AI Platform® instance, you must first download and install the Configuration Compliance application from the ServiceNow® Store. This application is available as a separate subscription.

    Complete the following setup checklist steps listed in the following table prior to installation. These setup tasks are required for a smooth installation and configuration.

    For more information about released versions of the Configuration Compliance application, as well as third-party and ServiceNow applications that are compatible with it, see the Vulnerability Response Compatibility Matrix and Release Schema Changes [KB0856498] article in the HI Knowledge Base.

    For more information about getting entitlements for store apps, see Security Operations and the ServiceNow Store.

    Table 1. Setup checklist tasks
    Setup tasks Description
    Verify that you have the required ServiceNow roles for your instance. The following roles are required for installation, configuration, and verification of expected results:
    • If not already assigned, the System Administrator [admin] installs the application and assigns the Configuration Compliance Admin [sn_vulc.admin] role.
    • The Configuration Compliance Admin [sn_vulc.admin] oversees configuration and verifies expected results.
    • The Remediation Owner [sn_vulc.remediation_owner] reads and updates assigned records. The sn_vulc.remediation_owner role is also automatically assigned when any user is assigned the itil role.
    Supported integrations

    Before you can use Configuration Compliance to remediate configuration items, you must install a third-party scanner integration and perform at least one network scan.

    Verify that the Vulnerability Response application is installed and activated prior to configuring supported third-party integrations. See Install Vulnerability Response.

    To verify that integration applications are installed and activated, navigate to Subscription Management > Subscriptions in your instance. The list displays the subscriptions your organization has purchased.

    For more information about third-party integrations and a list of supported products, see Configuration Compliance integrations.
    Qualys Vulnerability Integration
    • If the Qualys Vulnerability Integration is already installed on your system, and your API credentials are different than the ones you want to use for Configuration Compliance, go into Setup Assistant (in Vulnerability Response) and assign them to each Qualys PC integration.
    • Navigate to Qualys Vulnerability Integration > Primary Integrations and edit the Qualys API Credentials field under the Qualys REST Details tab.

    For more detailed information on the Qualys Vulnerability Integration, see Understanding the Qualys Vulnerability Integration.

    You are now ready to install the Configuration Compliance application. See Install Configuration Compliance.