Request risk reduction for a vulnerable item or remediation task

  • 릴리스 버전: Australia
  • 업데이트 날짜 2026년 03월 12일
  • 소요 시간: 3분

    • Request a reduction in risk for a host vulnerable item or a remediation task in the IT Remediation Workspace.

    시작하기 전에

    Role required: sn_vul.remediation_owner

    이 태스크 정보

    Starting from v21.0 of Vulnerability Response, you can request risk reduction only for the following items:
    • A remediation task only if all its vulnerable items are associated to the same Common Vulnerability Entry (CVE) regardless of whether its risk reduction is enabled for CVEs.
    • A third-party (TPE) for which risk reduction is enabled.
    주:
    The compensating controls feature is available for host vulnerabilities only.

    프로시저

    1. Navigate to Workspaces > IT Remediation Workspace.
    2. Select the List icon (List icon).
    3. On the List page, open a host vulnerable item or a remediation task.
    4. Select the More options icon and select Request Exception.
    5. On the Request Exception form, fill in the fields.
      For a description of the field values, seeRequest exception form for risk reduction.
    6. Select Request Exception.
    7. If a Take Questionnaire modal is displayed, answer the questions to provide additional information about your request and select Submit.
      주:
      The Take Questionnaire modal appears only when the questionnaire is enabled for exception management. For more information, see Configure Exception Management for Vulnerability Response.

    결과

    A message appears stating that your request is successfully submitted for approval. A notification is sent to the approver about your request.

    • If your request is for a deferral and risk reduction:
      • Two state change approvals (VCA#) are created for deferral and risk reduction.
      • The state of the record changes to In Review.
    • If your request is for risk reduction only:
      • A state change approval (VCA#) is created.
      • The state doesn't change.

    On approval or rejection of your request, you’ll receive a notification. For more information on the approval process, see Approve or reject requests in the Vulnerability Manager Workspace.

    For more information on how the Until date for risk reduction is updated for a remediation task and vulnerable item when a risk reduction request is approved, see Impact of the compensating controls on risk score and expiration date.