Remediation task state for Vulnerable Items (VITs) in multiple groups

Release version: Australia

Updated March 12, 2026

3 minutes to read

Summarize

Summarized using AI

Summary of Remediation Task State for Vulnerable Items (VITs) in Multiple Groups

This document outlines how the state of Vulnerable Items (VITs) is determined when they are part of multiple remediation tasks (RTs). The priority of states across these tasks dictates the final state of each VIT, ensuring customers can effectively manage vulnerabilities within their systems.

Show full answer Show less

Key Features

State Precedence: The state of a VIT is influenced by the highest precedence among multiple RTs. For example, if one RT is "Under Investigation" and another is "Open," the VIT will reflect "Under Investigation."
Special Cases: Certain conditions can change the VIT state, such as when an RT is marked as "Closed/Fixed," which can revert the VIT to "Under Investigation" if another RT is still open.
Individual State Setting: If a VIT's state is set individually, it also factors into the precedence for state evaluation across all associated RTs.
Deferred States: When multiple RTs are in a deferred state, the VIT will remain deferred until the latest end date is reached, ensuring clarity in vulnerability management timelines.

Key Outcomes

By understanding the precedence of remediation task states, ServiceNow customers can ensure that VITs are accurately tracked and managed according to their most critical statuses, reducing the risk of oversight in vulnerability remediation. This structured approach allows for efficient handling of vulnerabilities across multiple groups and tasks.

When a VIT is in multiple remediation tasks, (RT in the following tables), and its own state has not been set, the higher precedence group state determines the state of that VIT, as shown in the following table.

Table 1. Vulnerable item states examples
Remediation task state	Vulnerable item state
RT 1: Open > Under Investigation RT 2: Open	Under Investigation When RT 1 is Under Investigation and RT 2 is Open, the VI changes to Under Investigation. After the search, between RT 1 and RT 2, RT 1 has the state with the highest precedence.
RT 1: Under Investigation RT 2: Open > Under Investigation	Under Investigation When RT 2 is Under Investigation and RT 1 is Under Investigation, the VI stays as Under Investigation. After the search, between RT 1 and RT 2, they have the state with the same precedence.
RT 1: Under Investigation RT 2: Under Investigation > Awaiting Implementation	Awaiting Implementation When RT 2 is Awaiting Implementation and RT 1 is Under Investigation, the VI changes to Awaiting Implementation. After the search, between RT 1 and RT 2, RT 2 has the state with the highest precedence.
RT 1: Under Investigation > Deferred RT 2: Awaiting Implementation	Deferred When RT 1 is Deferred and RT 2 is Awaiting Implementation, the VI changes to Deferred. After the search, between RT 1 and RT 2, RT 1 has the state with the highest precedence.

Table 2. Vulnerable item in multiple groups special cases
Remediation task State	Vulnerable Item State
RT 1: Under Investigation RT 2: Awaiting Implementation > Closed (Fixed or Cancelled)	Under Investigation When RT 2 is Closed/Fixed or Closed/Cancelled, and RT 1 is Under Investigation, the VI changes from Awaiting Implementation (previously the highest precedence) to Under Investigation (currently the highest precedence).
RT 1: any state RT 2: any state	If the vulnerable item source status is Fixed (updated by a scan or import), then when the group changes its state, the vulnerable item changes its state to Closed/Fixed. This condition is true no matter what states the other associated groups are in. The vulnerable item search for the group state does not occur.

When a VI state is set individually, its state is considered when evaluating precedence, as with any other remediation task. When a VI belongs to more than one remediation task, the following table lists the updates that are made.

Table 3. Vulnerable item state set individually special cases
Vulnerability item state within a group	Vulnerable item final state
RT 1 state: Under Investigation RT 2 state: Under Investigation > Awaiting Implementation Original VI state: Under Investigation > (set on the VI)	Awaiting Implementation When RT 2 moved to Awaiting Implementation, and RT 1 remained Under Investigation, the VI changes to Awaiting Implementation (the highest precedence).
RT 1: Under Investigation RT 2: Under Investigation > Awaiting Implementation Original VI state: Deferred > (set on the VI)	Deferred When RT 2 moved to Awaiting Implementation, and RT 1 remained Under Investigation, the VI remains in the Deferred state (the highest precedence).

The following table shows that when two remediation tasks with common vulnerable items are deferred, the state is deferred until the latest date is reached.

Table 4. Vulnerable item deferred state special cases
Vulnerability item state within a group	Vulnerable item final state
RT 1 state: In Review (until April 10) RT 2 state: Under Investigation > In Review (until April 30) Original VI state: In Review (until April 10) > (set on the VI)	Deferred (until April 30) When RT 2 moved to Deferred (until Apr-30), and RT 1 remains Deferred (until Apr-10), the VI changes from Deferred (until Apr-05) to Deferred state (until Apr-30).
RT 1: In Review (until July 15) RT 2: Under Investigation > In Review (until July 10 Original VI state: Deferred > (until July 15)	Deferred (until July 15) When RT 2 moved to Deferred (until Jul-10), and RT 1 remains Deferred (Jul-15), the VI remains in Deferred (until Jul-15).