Compliance plans overview

Add-on product: Configuration Manager extends Itential Platform with configuration compliance and validation capabilities. It requires Itential Platform as a prerequisite. View platform overview.

A compliance plan defines the scope, schedule, and device targets for running configuration compliance checks across your infrastructure. Compliance plans use Golden Configuration trees as their source of truth and generate consolidated reports for audit and analysis.

How compliance plans relate to Golden Configurations

Golden Configuration trees define what a compliant device configuration looks like. A compliance plan defines which devices to check, how often to check them, and how to report the results.

The two constructs work together:

A Golden Configuration tree contains nodes, each with a baseline configuration, evaluation rules, and optional variables.
A compliance plan references one or more Golden Configuration trees and specific nodes within them, associates them with a set of devices, and runs compliance checks on a defined schedule.
A single Golden Configuration tree can be referenced by multiple compliance plans. For example, the same security baseline tree can be applied to different device groups on different schedules.

Run compliance against a node vs. use a compliance plan

You can run compliance checks directly from a Golden Configuration node, or you can run them through a compliance plan. The method you choose determines what reporting is available to you.

	Direct node compliance	Compliance plan
How to trigger	Node menu → Run Compliance	Scheduled or manual run from compliance plan
Best for	Ad-hoc checks during tree development	Scheduled, reportable compliance programs
Compliance dashboard	Not available	Available after first execution
Trend reporting	Not available	Available
Device-level drill-down	Not available	Available
Audit trail	Not available	Available

The compliance plan dashboard, trend reporting, device-level drill-down, and audit trail are available in Platform 6.4 and later. In earlier versions, compliance plans generate reports but don’t provide dashboard visibility.

What compliance plans check

Compliance plans execute checks against device configurations and generate reports based on how each plan is configured. Device selection supports individual devices, device groups, and—in Platform 6.4 and later—regex-based filtering and improved pagination for large inventories.

Compliance Plan Reporting

Platform 6.4.0+

Platform 6.4 introduced a dedicated Compliance Plan Reporting page that provides visibility into compliance status across your infrastructure. It organizes information across four tabs — Dashboard, Compliance Plans, Reports, and Devices — and supports drill-down into individual plan, report, and device detail pages.

For a full description of all available metrics and views, see Compliance Plan Reporting.

Compliance plan scope and RBAC

Your role-based access control (RBAC) permissions in Inventory Manager determine which devices you can include in a compliance plan. You can only create compliance plans against inventory you have access to.

Next steps

Create a compliance plan

Set up a new compliance plan

Compliance Plan Reporting

Understand dashboard metrics and drill-down views

Golden Configuration overview

Learn how Golden Configuration trees work