Define golden configuration standards for any CLI device, API-managed service, or cloud resource. AI agents query compliance posture, detect drift, and generate remediation workflows via Spec-Driven Development, all governed with pre/post validation, approval gates, and immutable audit trails.
Compliance shouldn’t stop at the CLI. Itential enforces golden config standards across every infrastructure type your teams operate, CLI-managed devices and API-managed services in the same compliance model. One standard. One audit report. One governed remediation pass. Every domain, every device, every change.
Golden Config is the structured definition of what good looks like for every device, controller, and cloud resource in your infrastructure. Build the standard once, apply it across vendors and regions, and let inheritance handle the rest. Every compliance check, drift detection, and remediation workflow runs against the same source of truth.
Define a root golden config standard once. Child nodes inherit automatically. A regulatory change at the parent cascades to every device underneath, no per-device rebuilds, no template sprawl.
A single template adapts across Cisco, Arista, Juniper, and any other vendor in your environment. Region-specific values, device-specific attributes, and conditional logic all live in one template. One standard, every variant.
Some configurations are compliant only if the order is right. ACLs, route policies, firewall rules: line order determines security. Golden Config validates not just what’s there, but in what sequence, with the precision compliance audits require.
Itential Builder Skills are AI agent skills available on the Anthropic Marketplace that turn plain-language specs into real Golden Config templates. Every Golden Config capability is exposed as a documented REST API endpoint. Describe a compliance requirement in plain language: a security policy, a regulatory standard, a config baseline. The Builder Skill constructs the template via those APIs directly. Commit to Git, deploy through CI/CD, ready to enforce against live infrastructure. The output is identical to a hand-built standard: same schema, same governance, same enforcement behavior.
AI agent skills that generate real, production-ready Golden Config templates through the platform’s REST APIs. Available today, installable in minutes.
Every Builder-Skill-generated template commits to GitHub, GitLab, or Bitbucket. CI/CD picks it up and deploys automatically: version-controlled, auditable, and ready to enforce from the first compliance check.
Builder-Skill-generated templates run through the same compliance enforcement engine as anything built manually. Same RBAC, same approval gates, same audit logging, same drift detection. No separate path, no special handling, no governance gap.
CLI devices need line-level validation, including ordered checks for ACLs and route policies. API-managed services need JSON property validation, including array entries and conditional values. Itential runs both through the same compliance engine, producing one unified audit report. The mechanism adapts. The model stays consistent.
For CLI-managed routers, switches, firewalls, and load balancers across any vendor, golden config templates validate the running configuration line by line. Specific configuration statements, ACL entries, route policy lines, and ordered lists where sequence determines compliance, all caught at the exact point of deviation.
For API-managed SD-WAN controllers, cloud networking services, and any system managed via REST API, golden config templates validate the JSON response field by field. Specific properties, values, array entries, and conditional logic, all checked against the structured schema that defines compliant.
CLI devices and API-managed services produce a single unified compliance report per execution. Same compliance plan, same severity grading, same remediation routing. Auditors get one evidence package, not five. Engineers get one remediation pass, not five.
Proposed changes are validated against golden config standards before they execute. Non-compliant changes blocked before they reach production. Running configurations are continuously compared against golden standards, with drift detected at the attribute level the moment it occurs. Remediation workflows trigger automatically for routine drift, or surface for human-in-the-loop review for high-risk deviations. Every check, deviation, and remediation is logged immutably.
Every proposed change validated against the applicable golden config standard before execution. Non-compliant changes never reach a device.
Running configs compared against golden standards at the attribute level: specific config lines, ACL entries, JSON properties. Drift detected the moment it occurs.
Routine drift triggers automatic remediation workflows. High-risk deviations surface for human review before any change executes.
FlowAgents interact with configuration validation in two ways. As analysts, they query compliance posture, identify drift patterns, and generate remediation proposals. As execution engines, they call compliance and remediation workflows as governed tools, at scale, across thousands of devices simultaneously. Every agent-initiated compliance action flows through the same governed execution layer as human-initiated actions. Agents can propose. They cannot bypass governance.
FlowAgents query current compliance score, violations, and drift patterns across CLI and API-managed devices in one structured query. One question, complete posture.
Every compliance check and remediation workflow lives in the FlowAgent’s allowlisted tool library: structured inputs, defined outputs, governed execution enforced automatically. Agents call, the platform enforces.
When no remediation workflow exists yet, a FlowAgent triggers Spec-Driven Development to generate one, then calls it as a governed tool. Advisory to fix in minutes.
See how teams are using Itential to enforce compliance across CLI devices, API-managed services, and cloud infrastructure today. Different triggers, different scales, same governance, same audit trail on every check and every remediation.
ACLs, route policies, and firewall rules pass compliance only if the order is right. A walkthrough of building Golden Config rules that validate ordered CLI configurations at the line level, catching sequence violations that traditional compliance tools miss entirely.
An engineer prompts an AI assistant to check compliance. The Itential MCP Server exposes compliance posture, drift patterns, and remediation workflows as callable tools. The agent queries state, identifies violations, and triggers governed remediation, all through the same compliance model that humans use. AI-native, fully governed.
A new Cisco PSIRT advisory is published. A compliance plan runs against every affected device in the network estate automatically, identifying which devices are vulnerable, which configurations need remediation, and producing a unified audit report. Hours of triage become minutes.
App teams need to ship fast, security teams need to enforce standards. Itential lets compliance teams define the Golden Config standards once, then expose self-service compliance checks and remediation as callable services for app teams. Velocity for developers, control for security.
Most existing compliance and config management tools share two limitations. First, they’re CLI-centric. NetBrain, SolarWinds NCM, and Gluware focus on CLI-managed network devices and don’t natively extend to API-managed controllers, cloud networking services, or JSON-configured infrastructure. Second, they separate detection from remediation. They identify non-compliance, but executing governed remediation, with pre/post validation, approval gates, blast-radius controls, and rollback, requires exporting to other tools. Nautobot is excellent as a network source of truth and IPAM platform, but it is a data platform, not an execution platform. Itential closes both gaps. The full loop from detection through governed remediation executes on the same platform. Compliance covers CLI devices, API-managed services, SD-WAN controllers, and cloud resources simultaneously. FlowAgents query compliance posture and generate remediation workflows via Spec-Driven Development, extending compliance into AI-driven closed-loop remediation. These tools can work alongside Itential. Nautobot can serve as inventory source of truth, NetBrain or NCM can provide visibility, and Itential executes governed compliance across what they track.
Yes. Every compliance plan execution produces a structured audit report automatically: which devices were checked, which standards applied, which violations were found, what was remediated, when, by whom, with before/after configuration state for every affected device. CLI-managed devices and API-managed services appear in the same unified report. Reports map directly to SOX, HIPAA, PCI-DSS, NERC-CIP, and other frameworks requiring configuration compliance evidence. Auditors get one evidence package per execution. Engineers get one remediation pass per execution. No manual report generation, no piecing together CLI logs and cloud API responses, no last-minute compliance scrambles.
For CLI-managed devices, the platform continuously compares the running configuration, captured via CLI, against the golden config template defined for that device’s group. Comparison happens at the line level: specific configuration statements, ACL entries, route policy lines. For API-managed services, the platform continuously queries the current configuration state via the service’s REST API, retrieving the JSON response, and compares it against the JSON schema-based golden config template. Drift is detected at the JSON property level: specific fields, values, array entries. Both device types run through the same compliance enforcement model. The mechanism adapts to the device’s management interface, but the compliance model, audit trail, and remediation governance are identical.
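The two comparisons described above, sketched as an added example (not Itential's code, template format or API): the required-line list, the sample ACL and the security-group JSON are constructed, and `check_ordered` and `json_drift` are hypothetical helper names. It shows a reordered ACL that contains every required line yet fails an ordered check, and drift reported at the JSON property path.

```python
# Added example: generic compliance checks, not Itential's template format or API.

def check_ordered(required, running):
    """Return (missing, out_of_order) for required CLI lines, in standard order."""
    norm = [" ".join(line.split()) for line in running]  # ignore indentation
    missing, out_of_order, last = [], [], -1
    for line in required:
        if line not in norm:
            missing.append(line)
            continue
        pos = norm.index(line)
        if pos < last:  # present, but ahead of a rule it must follow
            out_of_order.append(line)
        else:
            last = pos
    return missing, out_of_order

def json_drift(golden, actual, path=""):
    """Return [(path, expected, found)] for golden properties that differ."""
    drift = []
    if isinstance(golden, dict):
        for key, want in golden.items():
            sub = f"{path}.{key}" if path else key
            if isinstance(actual, dict) and key in actual:
                drift += json_drift(want, actual[key], sub)
            else:
                drift.append((sub, want, None))
    elif isinstance(golden, list):
        for i, want in enumerate(golden):
            sub = f"{path}[{i}]"
            if isinstance(actual, list) and i < len(actual):
                drift += json_drift(want, actual[i], sub)
            else:
                drift.append((sub, want, None))
    elif golden != actual:
        drift.append((path, golden, actual))
    return drift

# Constructed sample data (documentation address ranges); RUNNING swaps rules 1 and 2.
REQUIRED = ["deny ip 10.0.0.0 0.255.255.255 any",
            "permit tcp any host 192.0.2.10 eq 443",
            "deny ip any any log"]
RUNNING = ["ip access-list extended EDGE-IN"] + [" " + REQUIRED[i] for i in (1, 0, 2)]
GOLDEN = {"ingress": [{"port": 443, "cidr": "203.0.113.0/24"}], "logging": {"enabled": True}}
ACTUAL = {"ingress": [{"port": 443, "cidr": "0.0.0.0/0"}], "logging": {"enabled": True}, "tags": {}}

if __name__ == "__main__":
    print(check_ordered(REQUIRED, RUNNING), json_drift(GOLDEN, ACTUAL))
```

Properties present only in the live response (here `tags`) are ignored, because the check walks the golden definition rather than the live response.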
Yes. Every compliance check and remediation workflow is automatically registered as a callable tool in the platform’s tool library, covering both CLI and API-managed device types. FlowAgents include them in their allowlisted skill set and call them with structured inputs: device scope, compliance plan identifier, remediation parameters. External AI systems and LLMs access the same tools through the Itential MCP Server, schema-validated, RBAC-enforced, and audited before anything executes. Every compliance action initiated by an agent flows through the same governance layer as human-initiated actions. Agents can query, propose, and execute across CLI and API-managed infrastructure. They cannot bypass compliance governance.
Yes. Itential is built to extend what teams already use, not replace it. Existing Ansible playbooks, Python scripts, and OpenTofu plans become callable workflow steps. Existing inventory sources of truth like NetBox or Nautobot feed FlowAgents with accurate device context. Existing observability tools and ticketing systems trigger governed remediation workflows. The platform handles the execution, RBAC, audit logging, and rollback layer your existing tools weren’t built to provide. Engineers keep their workflows. Compliance teams get the governance and unified audit trail.
Yes. Golden Config templates handle CLI syntax across Cisco, Arista, Juniper, and any other vendor in your network estate through Jinja2 variables and ordered list support. JSON schema-based templates handle API-managed services across AWS, Azure, GCP, SD-WAN controllers, and any system with a REST API. One compliance plan can validate a Cisco router via CLI, an AWS VPC security group via REST API, a Meraki network via its API, and a Palo Alto firewall via its API, all simultaneously. Multi-vendor and multi-cloud aren’t special cases. They’re the default.
See how configuration validation enforces golden config standards across CLI devices, API-managed controllers, and cloud services – with AI-native remediation, governed execution, and always-current audit evidence.