Request exception form fields for policy exceptions
- UpdatedJul 31, 2025
- 1 minute read
- Zurich
- Security Operations
The following table shows the fields that you must fill on the Request exception form for policy exceptions.
| Field | Description |
|---|---|
| Policy | Vulnerability Management policy that you’re requesting an exception for. |
| Control objective | Control objectives associated with the policy that you selected. If a policy isn’t selected, all the control objectives are listed. |
| Valid from | Date when the exception starts. The default value is the current date. This date can't be in the past. |
| Valid until | Date that the policy exception expires and the state of the vulnerable item or group changes from Deferred to Open. Note: The number of days that the policy exception is valid can't exceed the value in the
Maximum exception duration (days) field that you set for the policy. For more information, see Create a policy. |
| Reason | Reason for requesting an exception. |
| Justification | Details related to the reason this exception is being requested. This field must be filled in by the remediation owner. |
Related Content
- Request an exception using GRC: Policy and Compliance Management in the IT Remediation Workspace
Request a policy exception for the host vulnerable item (VIT), application vulnerable item (AVIT), container vulnerable item (CVIT) or remediation task (VUL, AVUL, CVUL, or CRG) from the IT Remediation Workspace.