For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Open sourceSupportFAQsDocs Home
DocumentationAPI ReferenceRelease notes
DocumentationAPI ReferenceRelease notes
  • Platform Cloud
    • Overview
    • Cloud vs. on-prem
    • Architecture
  • Apps
    • FlowAI
      • Overview
      • Navigate
      • Configuration templates
        • Overview
        • Manage
          • Overview
          • Create a compliance plan
        • Use parsers
  • Resources
    • Itential Academy
    • Itential MCP
    • Accessibility conformance
    • Get support
    • FAQs
LogoLogo
Open sourceSupportFAQsDocs Home
On this page
  • How compliance plans relate to Golden Configurations
  • Run compliance against a node vs. use a compliance plan
  • What compliance plans check
  • Compliance plan scope and RBAC
  • Next steps
AppsConfiguration ManagerGolden ConfigurationsCompliance Plans

Compliance plans overview

Was this page helpful?
Previous

Create a compliance plan

Next
Built with

Add-on product: Configuration Manager extends Itential Platform with configuration compliance and validation capabilities. It requires Itential Platform as a prerequisite. View platform overview.

A compliance plan defines the scope, schedule, and device targets for running configuration compliance checks across your infrastructure. Compliance plans use Golden Configuration trees as their source of truth and generate consolidated reports for audit and analysis.

How compliance plans relate to Golden Configurations

Golden Configuration trees define what a compliant device configuration looks like. A compliance plan defines which devices to check, how often to check them, and how to report the results.

The two constructs work together:

  • A Golden Configuration tree contains nodes, each with a baseline configuration, evaluation rules, and optional variables.
  • A compliance plan references one or more Golden Configuration trees and specific nodes within them, associates them with a set of devices, and runs compliance checks on a defined schedule.
  • A single Golden Configuration tree can be referenced by multiple compliance plans. For example, the same security baseline tree can be applied to different device groups on different schedules.

Run compliance against a node vs. use a compliance plan

You can run compliance checks directly from a Golden Configuration node, or you can run them through a compliance plan. The method you choose determines what reporting is available to you.

Direct node complianceCompliance plan
How to triggerNode menu → Run ComplianceScheduled or manual run from compliance plan
Best forAd-hoc checks during tree developmentScheduled, reportable compliance programs
Compliance dashboardNot availableAvailable after first execution
Trend reportingNot availableAvailable
Device-level drill-downNot availableAvailable
Audit trailNot availableAvailable

The compliance plan dashboard, trend reporting, device-level drill-down, and audit trail are available in Platform 6.4 and later. In earlier versions, compliance plans generate reports but don’t provide dashboard visibility.

What compliance plans check

Compliance plans execute checks against device configurations and generate reports based on how each plan is configured. Device selection supports individual devices, device groups, and—in Platform 6.4 and later—regex-based filtering and improved pagination for large inventories.

Compliance plan scope and RBAC

Your role-based access control (RBAC) permissions in Inventory Manager determine which devices you can include in a compliance plan. You can only create compliance plans against inventory you have access to.

Next steps

Create a compliance plan

Set up a new compliance plan

Compliance Plan Reporting

Understand dashboard metrics and drill-down views

Golden Configuration overview

Learn how Golden Configuration trees work