Add-on product: Configuration Manager extends Itential Platform with configuration compliance and validation capabilities. It requires Itential Platform as a prerequisite. View platform overview
Compliance plans schedule and manage comprehensive compliance reporting across multiple Golden Configurations. Use them to maintain regular compliance checks and generate audit reports.
What are compliance plans?
Compliance plans orchestrate compliance checks across multiple Golden Configurations, device groups, and schedules. They provide centralized management for enterprise-wide compliance programs and generate consolidated reports for audit and analysis.
How compliance plans work
Compliance plans follow this process:
1Define scope
Select Golden Configurations and device groups to check
2Set schedule
Configure when compliance checks should run
3Execute checks
Run compliance across all defined scopes automatically
4Generate reports
Compile results into comprehensive compliance reports
5Distribute results
Send reports to stakeholders and archive for audit
Create a compliance plan
To create a new compliance plan:
1Open the create dialog
Click Create (+) in Configuration Manager
2Select compliance plan
Choose Compliance Plan from the dropdown
4Create
Click Create to open the compliance plan editor
Define what the plan should check.
Add Golden Configurations
To include Golden Configurations in the plan:
1Open the Scope tab
Navigate to the Scope section
2Add Golden Configurations
Click Add Golden Configuration
3Select configurations
Choose one or more Golden Configurations
4Specify nodes
- Select specific nodes, or
- Include entire tree
5Save selections
Click Save to add to the plan
Add device groups
To include device groups:
1Open the Groups section
Navigate to device groups in the Scope tab
2Add groups
Click Add Device Group
3Select groups
Choose one or more device groups
4Save selections
Click Save to add to the plan
Scope example:
Set compliance plan schedule
Configure when compliance checks run.
Schedule options
To set the plan schedule:
1Open the Schedule tab
Navigate to scheduling configuration
2Select frequency
Choose daily, weekly, monthly, or custom
3Set time
Define when checks should run (consider maintenance windows)
5Save schedule
Click Save to apply scheduling
Schedule examples:
Daily monitoring:
Weekly audit:
Define how compliance results are reported.
Report settings
To configure reports:
1Open the Reports tab
Navigate to report configuration
3Configure content
- Summary statistics
- Detailed device results
- Configuration diffs
- Trend analysis
4Set retention
Define how long reports are stored
5Save settings
Click Save to apply report configuration
Report content options
Distribute reports
To configure report distribution:
1Open the Distribution section
Navigate to report distribution settings
2Add recipients
Enter email addresses for report recipients
4Add integrations
Configure integration with ticketing or monitoring systems
5Save distribution
Click Save to apply settings
Run compliance plans
Manual execution
To run a compliance plan immediately:
1Open the compliance plan
Navigate to the plan in Configuration Manager
2Run now
Click Run Now in the plan toolbar
3Monitor progress
View real-time execution status
4Access results
View or download reports when complete
Scheduled execution
Compliance plans run automatically based on their schedule:
- Plan starts at scheduled time
- Compliance checks execute for all scoped items
- Reports generate upon completion
- Distribution occurs based on settings
- Results archive for audit purposes
View compliance plan results
Access plan reports
To view compliance plan results:
1Open the compliance plan
Navigate to the plan in Configuration Manager
2Open the Results tab
Click the Results tab
3Select a report
Choose a report from the execution history
4Review results
View summary and detailed compliance data
Understand report data
Compliance plan reports include:
Summary metrics:
- Total devices checked
- Compliant device count
- Non-compliant device count
- Compliance percentage
- Comparison to previous runs
Detailed results:
- Per-device compliance status
- Configuration differences
- Golden configuration alignment
- Remediation recommendations
Trend data:
- Compliance percentage over time
- Recurring non-compliance issues
- Improvement or degradation trends
- Device-specific compliance history
Manage compliance exceptions
Some devices may have approved deviations from Golden Configurations.
Document exceptions
To add an exception:
1Open the Exceptions section
Navigate to exceptions in the compliance plan
2Add exception
Click Add Exception
3Define exception
- Select device or device group
- Specify golden configuration node
- Describe the approved deviation
- Set expiration date (if temporary)
- Add approval documentation
4Save exception
Click Save to document the exception
Review exceptions
Periodically review documented exceptions:
1Open the Exceptions tab
View all current exceptions
2Check expiration dates
Identify expired or expiring exceptions
3Validate necessity
Confirm exceptions are still required
4Update or remove
Renew, modify, or remove exceptions as needed
Best practices
Plan scope strategically:
- Group related Golden Configurations together
- Align plans with audit requirements
- Consider network segmentation
- Balance scope size with execution time
Schedule appropriately:
- Run during maintenance windows
- Avoid peak usage times
- Stagger large plans across time periods
- Consider device impact and load
Manage reports effectively:
- Customize reports for different audiences
- Archive reports for audit requirements
- Automate report distribution
- Set appropriate retention periods
Handle exceptions properly:
- Require approval for all exceptions
- Document business justification
- Set expiration dates for temporary exceptions
- Review exceptions regularly
- Update golden configs when exceptions become standard
Monitor plan health:
- Track plan execution success rates
- Review execution duration trends
- Monitor for recurring failures
- Adjust scope or schedule as needed
Example: Enterprise compliance plan
Plan: Monthly Security Compliance Audit
Scope:
- Golden Config: Firewall Security Policy (all nodes)
- Golden Config: Switch Security Settings (all nodes)
- Golden Config: Router Security Baseline (all nodes)
- Device Group: Production Network
- Device Group: DMZ Devices
Schedule:
- Frequency: Monthly
- Day: First Sunday of each month
- Time: 12:00 AM EST
- Retry: 3 attempts
- Timeout: 6 hours
Reports:
- Format: PDF (executive) + CSV (detailed)
- Content: Summary, device details, diffs, trends
- Distribution:
- CISO: Executive summary PDF
- Network team: Detailed CSV
- Security team: Full PDF report
- Audit team: Archive all formats
Exceptions:
- Lab devices: Development configurations approved
- Legacy systems: EOL devices with documented risks
- Review cycle: Quarterly
Troubleshoot compliance plans
Plan execution fails
If a compliance plan doesn’t complete:
- Check golden configuration validity
- Verify device connectivity
- Review execution logs for errors
- Confirm adequate execution timeout
- Check for scheduler issues
Reports not generated
If reports don’t appear:
- Verify plan completed successfully
- Check report format configuration
- Review storage capacity
- Confirm report generation settings
- Check for template errors
Distribution fails
If reports don’t reach recipients:
- Verify email addresses
- Check email server configuration
- Review distribution logs
- Confirm integration settings
- Test with manual distribution
Next steps
