State roll-up and roll-down scenarios automatically sync the status of remediation tasks (RTs) and vulnerable items (VITs), ensuring real-time updates across both. This dynamic interaction reduces manual tracking, enhances accuracy, and provides users with an up-to-date view of progress, making vulnerability management more efficient and helping users make informed decisions quickly.

Roll-up behavior

When vulnerable item (VIT)states change, these changes may propagate up to the remediation task (RT)level. The following table summarizes key roll-up scenarios where changes in vulnerable item (VIT) state may influence the associated remediation task (RT) state, based on closure conditions, reassignments, and deferrals.

Table 1. Roll-up scenarios
VIT State RT State
Open > Under Investigation Remains Open
Open > Closed-False Positive Remains Open
Open > In Review Remains Open
Open > Deferred (any substate) Open > Deferred
Open > Resolved Remains Open
Open > Closed-Cancelled Remains Open
Open > Closed-Fixed Open > Closed-Fixed
Open > Closed-Fixed with exceptions Open > Closed
Closed-Fixed > Open Remains Closed-Fixed
Open > Closed-Fixed; (after next scan) > Resolved Remains Open
Open > Closed-Invalid Remains Open
Open > Closed-Stale Open > closed-Cancelled
Closed-Stale > Open Remains Closed-Cancelled
Open > Closed-Result Invalid Remains Open
Open > Closed-Invalid Remains Open
Open > Closed-CI Decommissioned Open > Closed-Cancelled
Open > Awaiting Implementation-Patch Scheduled Remains Open
Open > Awaiting Implementation-Patch Not Scheduled Remains Open
Open > Awaiting Implementation-Patch Scheduled (missing target date) Remains Open
Under Investigation > Closed-CI Decommissioned

RT1: Under Investigation > Closed-Cancelled

RT2: Under Investigation > Closed-Cancelled
Open > Resolved; RT = Resolved; Reopens VIT

If assigned,

RT: Resolved > Under Investigation;

Else: Open

VIT1: Closed-Fixed

VIT2: Under Investigation

If VIT2 reopens and VIT1 stays Resolved.

RT1: Under Investigation

RT2: Closed-Fixed

VIT1: Closed-Stale

VIT2: Closed-CI Decommissioned

 Open > Closed-Cancelled

VIT1: Resolved

VIT2: Closed-CI Decommissioned

 Remains Open

VIT1: Closed-Fixed

VIT2: Closed-CI Decommissioned

 Open > Closed-Cancelled

VIT1: Closed-Fixed

VIT2: Closed-Stale

 Open > Closed-Fixed

VIT1: Closed-<any sub-state>

VIT2: Deferred

Open> Deferred

Until date carried fwd as VIT2

Roll-down behavior

When the state of a remediation task changes, the state is often propagated to the associated VITs unless overridden by manual updates or specific exceptions. The following table summarizes key roll-down scenarios where changes in remediation task (RT) state may affect the associated vulnerable item (VIT) state, based on precedence rules and special conditions.

Table 2. Roll-down scenarios
RT State VIT State
Open> Under Investigation Open> Under Investigation
Open > Closed-False Positive Open > Closed-False Positive
Open > In Review Open > In Review
Open > Deferred (Sub-state: Reason Given) Open > Deferred (Substate: Reason Given)
Open > Resolved Open > Resolved
Open > Closed-Cancelled Remains Open
Open > Closed-Fixed with Exceptions Remains Open

RT1: Open > Under Investigation

RT2: Open

 Open > Under Investigation

RT1: Open > Under Investigation > Awaiting Implementation

RT2: Under Investigation

 Open > Under Investigation > Awaiting Implementation

RT1: Awaiting Implementation > Deferred

RT2: Awaiting Implementation

 Awaiting Implementation > Deferred

RT1: Awaiting Implementation > Closed-Cancelled

RT2: Under Investigation

 Awaiting Implementation> Under Investigation

Open>Closed-Fixed with Exceptions

Final Observations: VIT2 remains Open

VIT1: Open > Closed-Fixed

VIT2: Open

Open>Resolved

Final Observations: VIT2: Open>Resolved

VIT1: Open > Closed-Fixed

VIT2: Open

Open>Resolved

Final Observations: VIT2 Reopens; VIT1 stays Resolved;

RT: Resolved > Open

VIT1: Open > Closed-Fixed

VIT2: Open