Hi @Don Dom ,
This questionnaire is used when you request an exception for a vulnerability and propose a compensating control as a mitigation. A compensating control is an alternative that achieves the same security objective as a required control but in a different way.
What it is: A set of questions to collect details about the compensating control for a vulnerability exception.
Where to use it: Within the Vulnerability Response workflow, when submitting an exception request.
How to use it: When creating an exception for a Vulnerable Item (VI) or group of VIs, select the option that a compensating control will be applied. This triggers the questionnaire for you to complete.
When it’s triggered: During the exception request process, specifically when proposing a compensating control instead of a direct fix or risk acceptance.
If you don’t see it:
Check that your exception workflow includes the compensating control option.
Ensure your user role has permission to request exceptions and access this questionnaire.
Confirm you are creating an exception of the correct type (Vulnerability Response).
Helpful references from ServiceNow documentation:
Vulnerability Response Release Notes – Overview of VR features and updates.
Exception Management with Smart Assessment – How to configure and use exception questionnaires.
Compensating Controls Overview – Details on compensating controls in Vulnerability Manager Workspace.
Thanks & Regards,
Muhammad Iftikhar
If my response helped, please mark it as the accepted solution so others can benefit as well.
