Limit the duration of an exception requested and add a questionnaire to the exception or false positive request using the module. By default, an exception is requested using the ServiceNow® Application Vulnerability Response module. You can also request an exception using the GRC: Policy and Compliance Management integration.

Before you begin

Role required: sn_vul.app_manage_exception_configuration

About this task

If Vulnerability Response is enabled, you can limit the duration for which an exception can be requested. Similarly, if the GRC: Policy and Compliance Management module is installed, you can select GRC: Policy and Compliance Management on the configuration screen. Enabling this option lets you request an exception that specifies the Policy and Control objective from GRC.

If you add a questionnaire, it’s sent to the person raising the exception or the false positive request. You can either use the default questionnaire or create one based on your requirements.

It’s useful for the exception approver to understand the reason for requesting the exception.

Procedure

  1. Navigate to All > Application Vulnerability Response > Administration > Exception Management.
  2. On the Exception Management Configuration form, select how you want to manage an exception by selecting an option from the Manage exceptions using list.
    Note: Starting with Vulnerability Response version 17.1, you can select either Vulnerability Response or GRC: Policy and Compliance Management. You must activate the GRC plugin to use GRC: Policy and Compliance Management to request an exception. Changing the configuration doesn’t impact the existing data.
  3. Fill the fields on the form based on what option that you selected.
    • If you selected the Vulnerability Response option, then fill in the fields on the form.
      Table 1. Settings for VR Exception Management form
      Field Description
      Duration Period for which an exception can be requested.
      Unit Unit of time for the specified period.
      Enable questionnaire to request exception Option to add a questionnaire to the exception request being raised.
      Questionnaire to request exception Option to display the questionnaire selected by you to request an exception. The Exception Questionnaire is displayed by default.
      Enable questionnaire to mark false positive Option to add a questionnaire to the false positive request being raised.
      Questionnaire to mark false positive Option to display the questionnaire selected by you to mark as a false positive. The questionnaire for false positive request is displayed by default.
    • If you selected the GRC: Policy and Compliance Management option, then fill in the fields on the form.
      Table 2. Settings for VR Exception Management form
      Field Description
      Enable questionnaire to mark false positive Option to add a questionnaire to the false positive request being raised.
      Questionnaire to mark false positive Option to display the questionnaire selected by you to mark as false positive. The questionnaire for false positive request is displayed by default.
  4. Select Save.