Remediation tasks and vulnerable item states

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Remediation Tasks and Vulnerable Item States

    Remediation tasks and vulnerable item states are interconnected, primarily where the state of a remediation task influences the state of associated vulnerable items. Understanding these relationships is crucial for effective management of vulnerabilities within ServiceNow.

    Show full answer Show less

    Key Features

    • State Precedence: The precedence of states is established as follows: Closed > Deferred > Resolved > In Review > Awaiting Implementation > Under Investigation > Open.
    • State Updates: Vulnerable items inherit the state of their remediation task unless updated individually. For example, moving from Open to Awaiting Implementation will update all items under that task to Awaiting Implementation.
    • Deferral Tracking: Version 16.5 allows tracking of how many times items or tasks have been deferred. A scheduled job updates deferral counts for items deferred more than once.
    • Special Cases: If a remediation task is marked Closed with a resolution of Canceled or Fixed with Exception, it does not affect the vulnerable items, which will revert to the Open state if not part of another task.
    • Assignment Fields: If both the Assigned to and Assignment group fields are empty, the remediation task remains in the Resolved state when its items change to Open.

    Key Outcomes

    ServiceNow customers can expect streamlined management of remediation tasks and vulnerable items, with automated updates based on task states. Understanding the deferral tracking and state precedence will help in maintaining accurate vulnerability records and ensuring efficient remediation processes. Additionally, customers will benefit from knowing that individual updates to vulnerable items can prevent unwanted automatic state changes, thereby supporting more tailored vulnerability management strategies.

    Remediation tasks and vulnerable items states can affect each other. Most of the time, a remediation task state updates the vulnerable item state, with the highest precedence task state used to update the vulnerable items in the group.

    The state precedence is as follows.

    Closed > Deferred > Resolved > In Review > Awaiting Implementation > Under Investigation > Open

    • When a group of vulnerable items are in one remediation task and aren't altered at an individual level, they have the same state as their remediation task.
    • When the remediation task goes from the Open state to Awaiting Implementation, all the VIs in the remediation task move to the Awaiting Implementation state.
    • When the remediation task is deferred, the VI is likewise deferred. Starting with version 16.5, you can track the number of times that a vulnerable item, application vulnerable item, container vulnerable item, or a remediation task is deferred. The scheduled job, set deferral counts, runs daily to post counts for the records that are deferred more than once in the Deferral count column in the Multiple deferrals modules for VR, AVR, and CVR. All counts for VIs that are associated with a remediation task are collected and posted if a remediation task is deferred more than one time.
    Vulnerable items updated only by remediation tasks
    Items match the state of the remediation task, if they haven't been updated individually, with these exceptions:
    • If the remediation task state changes to Closed, and its resolution to Canceled or Fixed with Exception, the item is not affected and takes on the state of any other remediation task that contains it. If the vulnerable item is in no other remediation task, it reverts to the Open state.
    • If the vulnerable item state is Closed/Fixed (updated by a scan or import), then when the remediation task changes its state, the vulnerable item remains in the Closed/Fixed state. This condition is true no matter what state the remediation task is in.
    Vulnerable items in states set individually
    Vulnerable items, in a state updated on the item, such as those items closed or deferred individually, don't match the state of the remediation task automatically. Instead, it compares its state to all associated groups to find the state with the highest precedence to apply.
    Note:
    The Closed/Fixed state is a special case. For the vulnerable items that are set to the Closed/Fixed state, if all vulnerable items within a remediation task are set to Closed/Fixed — such as when a scanner finds that all the vulnerabilities have been remediated — the remediation task is automatically marked as Closed/Fixed.
    Remediation tasks contain empty assignment fields
    If the state of the VIs in a remediation task changes from Resolved to Open, the state of the remediation task is also updated from Resolved to Under Investigation.

    However, if both the Assigned to and Assignment group fields in the remediation task are empty, the remediation task remains in the Resolved state and does not move to Under Investigation.

    Assignment group for vulnerable items is not always updated when their remediation task is updated
    If the assignment group for a VI in Open state is updated manually, it is not updated again when the assignment group for its remediation task is updated. This information is not overwritten because the assignment group for the VI has been updated intentionally, and might be a part of another remediation task.