Request an exception for a remediation task in Configuration Compliance

  • Release version: Xanadu
  • Updated August 1, 2024
  • 2 minutes to read

    • Request an exception to defer the remediation of a remediation task for a specified period if it can’t be remediated immediately.

    Before you begin

    Role required: sn_vulc.remediation_owner

    About this task

    Important:
    You can request an exception for:
    Note:
    Starting with v14.9 of Configuration Compliance, the following terms have been renamed:
    Table 1. Changes in terminology
    Terminology prior to v14.9 Terminology v14.9 onwards
    Test Result Group Remediation Task
    Group Rules Remediation Task Rules
    Policy Test group

    Procedure

    1. Navigate to All > Configuration Compliance > Remediation Tasks > All Tasks.
    2. Select the remediation task that you want to request an exception for.
      The selected task must be in the Open, Under Investigation, or Awaiting Implementation state.
    3. On the Remediation Task form, click Request Exception.
      Note:
      Depending on whether Vulnerability Response or GRC: Policy and Compliance Management is selected in the Configuration Compliance > Exception Management screen, the Request Exception form changes. See Configure Exception Management for Configuration Compliance
    4. If Vulnerability Response is selected in the Exception Management screen, then do the following:
      1. On the form, fill in the fields.
        Table 2. Request Exception form
        Field Description
        Until Date on which the exception request expires. This date must be within the duration selected in the All > Configuration Compliance > Administration > Exception Management screen.
        When the exception request expires, the group reverts to its Open state.
        Note:
        Starting with version 14.7 of Configuration Compliance (CC), if a deferred remediation task is reopened by a scanner before the exception window expires, then the state of the remediation task changes from Open to Deferred. This functionality is disabled by default. To enable this functionality, set the value of the system property sn_vulc.auto_defer_test_result_in_active_exception_window to true. Also, the deferred until date persists even after the remediation task reopens after the expiration date.
        Reason Reason for the exception. Choices are as follows:
        • Risk Accepted
        • Awaiting Maintenance Window
        • Fix Unavailable
        • Mitigating Control in Place
        • Other

        To see how to add new reason choices, see Define policy reason mappings.
        Additional information Details that are related to the reason why this request is being made. This field is to be updated by the remediation owner.
      2. Submit the exception request by clicking Request Approval.

    Result

    The state of the remediation task changes to In Review. Use the State Change Approval tab to track the status of the exception request.