What it is (plain English)
Tracks whether systems are configured securely against benchmarks (like CIS), ingests configuration-scan results, matches failures to assets, and drives remediation — the configuration-hardening companion to Vulnerability Response (VR)'s patch-focused work.
Problems it solves
- Misconfigurations (open ports, weak settings) going unnoticed until exploited.
- Config-scan results that don't map to owners or get remediated.
- No unified view of hardening posture across the estate.
What must exist first
Platform Core Setup and CMDB Foundation (results map to assets). Configuration-scanning tool integration is required.
What the customer needs to provide
- Your configuration/compliance scanner and integration details.
- The benchmarks/policies you're measuring against.
- Asset ownership for remediation assignment.
- Remediation SLAs and exception process.
Where it can go next
Works alongside Vulnerability Response (VR) for a complete exposure picture; remediation flows through Change Management; supports Policy & Compliance Management evidence.