AppsConfiguration ManagerGolden ConfigurationsCompliance Plans

Create a compliance plan

Add-on product: Configuration Manager extends Itential Platform with configuration compliance and validation capabilities. It requires Itential Platform as a prerequisite. View platform overview

A compliance plan defines which Golden Configuration trees to check, which devices to check them against, and when to run those checks. Configuration Manager provides two ways to create a compliance plan: a new creation form introduced in Platform 6.4, and the Compliance Plan create dialog available in all Platform 6 versions.

Before you begin

Before creating a compliance plan, confirm that you have:

  • At least one Golden Configuration tree with nodes defined. See Golden Configuration overview.
  • Access to the devices you want to include. Your RBAC permissions in Inventory Manager determine which devices are available to you.

Create a new compliance plan

Platform 6.4+

The compliance plan creation form is a single-page form that lets you define plan details and select Golden Configurations, nodes, and devices before creating the plan.

The creation form is only available after enabling useNewComplianceView for Configuration Manager in Admin Essentials.

1

Open the creation form

In Configuration Manager, navigate to Compliance Plans and click + New Compliance Plan. The Create a new compliance plan page opens.

2

Enter plan details

Enter the following:

FieldRequiredDescription
NameYesA unique, descriptive name for the plan
DescriptionNoThe plan’s purpose or scope
3

Select Golden Configurations and nodes

Select one or more Golden Configuration trees. After selecting a tree, choose which nodes to include. You can select individual nodes or include the entire tree.

If a node uses variables, the form prompts you to provide values for each required variable. Repeat this process for each additional Golden Configuration tree you add.

The same Golden Configuration tree can be used with different variable values across different compliance plans. Variable values are configured per plan, not per tree.

4

Select devices

Select devices using the following methods:

Individual devices tab: Browse and select devices directly. To filter the list, enter a regex pattern in the filter field and click Apply Filter. Use Select All to select all devices across all pages.

Device groups tab: Select pre-defined device groups for bulk selection. If a device appears in both an individual selection and a group selection, the system deduplicates automatically. You can deselect individual devices after adding them via a group.

The following filter attributes are always available, regardless of inventory source:

AttributeNotes
NameRequired field in Inventory Manager
HostRequired field in Inventory Manager
Device OS
Port

The device filter in compliance plans is managed by Compliance Manager, not Inventory Manager. This makes device selection agnostic to the inventory source (for example, NSO, IAG, or Inventory Manager).

5

Create the plan

Click Create Plan to save and activate the plan.

Schedule when a compliance plan runs in Operations Manager. For more information, see Use compliance reports.

Use the Compliance Plan create dialog

The Compliance Plan create dialog is available in all Platform 6 versions.

1

Open the Create dialog

In Configuration Manager, click the Create (+) button in the top toolbar.

2

Select Compliance Plan

In the Create dialog, select Compliance Plan from the dropdown.

3

Configure basic settings

Enter the following:

  • Name: A unique name for the plan (required)
  • Description: An optional description
  • Plan owner: The user responsible for the plan
4

Create

Click Create to open the compliance plan editor.

Configure compliance plan scope

Define which Golden Configurations and device groups the plan checks.

Add Golden Configurations:

1

Open the Scope tab

Navigate to the Scope section in the compliance plan editor.

2

Add a Golden Configuration

Click Add Golden Configuration and select one or more trees.

3

Specify nodes

Select specific nodes to include, or include the entire tree.

4

Save

Click Save to add the selection to the plan.

Add device groups:

2

Add a device group

Click Add Device Group and select one or more groups.

3

Save

Click Save to add the selection to the plan.

Set a schedule

Configure when compliance checks run.

1

Open the Schedule tab

Navigate to the Schedule section.

2

Select a frequency

Choose a schedule type:

Schedule typeWhen to use
DailyRegular ongoing monitoring
WeeklyLess frequent periodic checks
MonthlyMonthly audit cycles
QuarterlyRegulatory compliance periods
On-demandAd-hoc compliance verification
3

Set the time

Define when checks should run. Consider maintenance windows and device load.

4

Configure additional options

Set the timezone, retry behavior, and timeout limits as needed.

5

Save

Click Save to apply the schedule.

Platform 6.4+

If you enabled the new Compliance Plans view in Admin Essentials, schedule compliance plans in Operations Manager instead. See Use compliance reports.

Configure compliance reports

1

Open the Reports tab

Navigate to the Reports section.

2

Select a report format

Choose PDF, CSV, JSON, or HTML.

3

Configure content

Select the content to include: summary statistics, detailed device results, configuration diffs, or trend analysis.

4

Set retention

Define how long to store reports.

5

Save

Click Save to apply the report configuration.

Configure report distribution

1

Open the Distribution section

Navigate to report distribution settings.

2

Add recipients

Enter email addresses for report recipients.

3

Configure delivery

Set delivery time, format preferences per recipient, and notification preferences.

4

Save

Click Save to apply distribution settings.

Manage compliance exceptions

Some devices may have approved deviations from Golden Configurations.

Add an exception:

1

Open the Exceptions section

Navigate to Exceptions in the compliance plan.

2

Add an exception

Click Add Exception.

3

Define the exception

Select the device or device group, specify the Golden Configuration node, describe the approved deviation, set an expiration date if applicable, and add approval documentation.

4

Save

Click Save to record the exception.

Review exceptions:

1

Open the Exceptions tab

View all current exceptions.

2

Check expiration dates

Identify expired or expiring exceptions.

3

Update or remove

Renew, modify, or remove exceptions as needed.

Learn more

Compliance Plan Reporting

View and interpret compliance results

Connection error reporting

Understand how connection failures are reported

View compliance plan details

Review compliance status and execution history for a specific plan