ServiceNow Security Operations collects scan data and makes it available to IRM Continuous Monitoring. The IRM Configuration Compliance application then matches failed configuration test results to assets in the ServiceNow Configuration Management Database (CMDB). The CMDB shows the business importance of each asset, providing a criticality assessment that is combined with other factors to automatically calculate a risk score used to prioritize failed results.

Figure 5: The Configuration Tests tab shows the source used to collect configuration data.

Just like my Policy and Compliance dashboard displayed the failed controls, my IRM Risk dashboard displays the risks associated with these misconfigurations alongside other identified enterprise risks. And the IT manager can see the criticality level of the failed test results on the Configuration Compliance dashboard.

Although I could have had each noncompliant control automatically generate an issue and send it to the IT manager, I would rather review configuration test failures before routing issues to the appropriate person. Because the same control is failing across multiple assets, I've elected to group the issues under a single parent issue with a single remediation task before assigning the group to the IT manager. If this type of issue becomes a common occurrence, I may create a rule to automatically group similar issues under a predefined parent issue to automate the process. I can then track the parent issue to completion. IT will update the issue, so I will know whether the configuration change will happen during the next update cycle, when the security team or IT will review and approve the change. Each team has visibility into the current status of the change, the next steps, and who is responsible.

Tech Tip: When you identify several similar issues, use grouping to make tracking easier.

Figure 6: The Configuration Compliance dashboard is dynamically updated based on new test results.
When a subsequent scan shows the configuration issue has been remediated (in other words, there is no longer a configuration test failure), the control will again be compliant. When the IT manager closes the parent issue, providing proof that the remediation process was successful, all child issues will also close.

Integrated Risk and Compliance
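The workflow described above (matching failed test results to CMDB assets for prioritization, grouping same-control failures under one parent issue, cascading closure to child issues, and restoring compliance after a clean re-scan) as an added, simplified model in Python. This is not ServiceNow code or its scoring formula; the CMDB records, control ids, scan results and the criticality-times-weight score are constructed assumptions for illustration.

```python
from dataclasses import dataclass

# Constructed sample data standing in for scan output and CMDB records. This models
# the page's workflow; the criticality * weight score is an assumption, not ServiceNow's.
CMDB = {"web-01": 3, "web-02": 3, "db-01": 5}  # asset -> business criticality (1..5)
FAILED_TESTS = [  # (control id, asset) pairs from one configuration scan
    ("CTRL-PWD-MINLEN", "web-01"),
    ("CTRL-PWD-MINLEN", "web-02"),
    ("CTRL-PWD-MINLEN", "db-01"),
    ("CTRL-SSH-ROOTLOGIN", "db-01"),
    ("CTRL-PWD-MINLEN", "unknown-host"),  # asset absent from the CMDB
]

@dataclass
class Issue:
    control: str
    asset: str
    score: int
    state: str = "open"

def prioritize(failed, cmdb, control_weight=2):
    """Match failed results to CMDB assets and rank them by risk score.
    Results for assets the CMDB does not know are returned separately so they
    can be reconciled rather than silently dropped or scored as low risk."""
    issues, unmatched = [], []
    for control, asset in failed:
        if asset not in cmdb:
            unmatched.append((control, asset))
        else:
            issues.append(Issue(control, asset, cmdb[asset] * control_weight))
    issues.sort(key=lambda i: i.score, reverse=True)
    return issues, unmatched

def group_by_control(issues):
    """Group failures of the same control under one parent (keyed by control id),
    so a single remediation task can be assigned for all affected assets."""
    parents = {}
    for issue in issues:
        parents.setdefault(issue.control, []).append(issue)
    return parents

def close_parent(parents, control):
    """Closing the parent issue cascades the closure to every child issue."""
    for child in parents[control]:
        child.state = "closed"
    return parents.pop(control)

def control_compliant(control, rescan_failures):
    """A control is compliant again once a later scan reports no failure for it."""
    return all(c != control for c, _ in rescan_failures)
```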