State roll-up and roll-down scenarios

  • Release version: Yokohama
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of State roll-up and roll-down scenarios

    State roll-up and roll-down scenarios in ServiceNow automatically synchronize the status between remediation tasks (RTs) and vulnerable items (VITs). This ensures real-time updates, reduces manual effort, improves accuracy, and provides users with an up-to-date view of vulnerability management progress. This dynamic state syncing helps customers make timely, informed decisions.

    Show full answer Show less

    Roll-up behavior (VIT to RT)

    Changes in vulnerable item states can propagate upward to affect the state of associated remediation tasks. Key scenarios include:

    • If VITs transition to non-final or non-actionable states, the RT remains open.
    • If all associated VITs share the same closed sub-state, the RT closes with that same sub-state.
    • If associated VITs have different closed or deferred sub-states, the RT closes or defers without a sub-state.
    • VITs marked as fixed but pending verification keep the RT open until confirmed.
    • Reopened VITs do not necessarily reopen RTs if the RT was previously closed as fixed or stale.
    • Multiple RTs related to decommissioned configuration items transition to Closed–Cancelled.
    • Reopened resolved VITs trigger RT reassignment or transition to Under Investigation or Open depending on prior assignment status.

    Roll-down behavior (RT to VIT)

    When remediation task states change, these updates often propagate downward to associated vulnerable items, except where manual overrides or exceptions exist. Key scenarios include:

    • RTs moving to non-final states (Under Investigation, In Review, Closed–False Positive) cause VITs to mirror the RT state.
    • RT deferrals apply specified reasons to VITs.
    • RTs marked as resolved update VITs to Resolved.
    • RT closures without full resolution leave VITs open.
    • When multiple RTs exist with different states, VIT state updates reflect the varying RT states (e.g., mixed Under Investigation, Awaiting Implementation, Deferred, or Cancelled states).
    • Mixed VIT outcomes (e.g., fixed with exceptions vs. open) remain reflected individually.
    • Reopened RTs cause associated VITs to reopen accordingly.

    Practical implications for ServiceNow customers

    This automated state synchronization streamlines vulnerability and remediation tracking by ensuring consistent and timely status updates between tasks and vulnerable items. It minimizes manual reconciliation, supports accurate reporting, and helps teams prioritize remediation efforts effectively. Customers can expect improved visibility into vulnerability lifecycle stages and better coordination across remediation activities.

    State roll-up and roll-down scenarios automatically sync the status of remediation tasks (RTs) and vulnerable items (VITs), ensuring real-time updates across both. This dynamic interaction reduces manual tracking, enhances accuracy, and provides users with an up-to-date view of progress, making vulnerability management more efficient and helping users make informed decisions quickly.

    Roll-up behavior

    When vulnerable item (VIT)states change, these changes may propagate up to the remediation task (RT)level. The following table summarizes key roll-up scenarios where changes in vulnerable item (VIT) state may influence the associated remediation task (RT) state, based on closure conditions, reassignments, and deferrals.

    Table 1. Roll-up scenarios
    VITs State Condition RT State
    Open → Under Investigation / Awaiting Implementation (any sub-state) / In Review / Closed–False Positive / Closed–Invalid / Closed–Result Invalid / Resolved VIT transitions to any non-final or non-actionable state Remains Open
    Open → Closed All associated VITs have the same sub-state Closed – <same sub-state as VITs>
    Open → Closed All associated VITs have different sub-states Closed – <no sub-state>
    Open → some Closed VITs and some Deferred VITs All associated Deferred VITs have the same sub-state Deferred – <same sub-state as VITs>

    (Until date = earliest of all VITs)
    Open → some Closed VITs and some Deferred VITs All associated Deferred VITs have different sub-states Deferred – <no sub-state>

    (Until date = earliest of all VITs)
    Open → Closed–Fixed (after next scan) → Resolved VITs marked as fixed but pending verification Remains Open
    Closed–Fixed → Open VIT reopens after being Closed–Fixed Remains Closed–Fixed
    Closed–Stale → Open VIT reopens after being Closed–Stale Remains Closed–Cancelled
    Under Investigation → Closed–CI Decommissioned Multiple RTs (e.g., RT1, RT2) exist for related VITs Each RT transitions to Closed–Cancelled
    Resolved → Open If a resolved VIT reopens and the previously associated RT was assigned to a user Resolved → Under Investigation
    Resolved → Open If a resolved VIT reopens and the previously associated RT was unassigned to a user Resolved → Open

    Roll-down behavior

    When the state of a remediation task changes, the state is often propagated to the associated VITs unless overridden by manual updates or specific exceptions. The following table summarizes key roll-down scenarios where changes in remediation task (RT) state may affect the associated vulnerable item (VIT) state, based on precedence rules and special conditions.

    Table 2. Roll-down scenarios
    RT State Condition VIT State
    Open → Under Investigation / In Review / Closed–False Positive RT transitions to a non-final or non-actionable state Mirrors RT state change (Open → <same state as RT>)
    Open → Deferred (Sub-state: Reason Given) RT deferred with a specified reason Open → Deferred (Sub-state: Reason Given)
    Open → Resolved RT marked as resolved Open → Resolved
    Open → Closed–Cancelled / Closed–Fixed with Exceptions RT closed without full resolution Remains Open
    RT1: Open → Under Investigation; RT2: Open One RT moves to Under Investigation while another remains Open Open → Under Investigation
    RT1: Open → Under Investigation → Awaiting Implementation; RT2: Under Investigation One RT progresses to Awaiting Implementation Open → Under Investigation → Awaiting Implementation
    RT1: Awaiting Implementation → Deferred; RT2: Awaiting Implementation One RT deferred while another remains Awaiting Implementation Awaiting Implementation → Deferred
    RT1: Awaiting Implementation → Closed–Cancelled; RT2: Under Investigation One RT cancelled while another is Under Investigation Awaiting Implementation → Under Investigation
    Open → Closed–Fixed with Exceptions Mixed outcome: one VIT closed as fixed with exceptions, another remains open VIT1: Open → Closed–Fixed; VIT2: Remains Open
    Open → Resolved Mixed outcome—one VIT closed as fixed and another resolved VIT1: Open → Closed–Fixed; VIT2: Open → Resolved
    Resolved → Open RT reopens after resolution VIT2 reopens; VIT1 remains Resolved