Security Exposure Management Approvals View
Summary of Security Exposure Management Approvals View
The Security Exposure Management Approvals View in ServiceNow provides a unified and streamlined approval process for vulnerability and compliance exceptions. It simplifies workflows and enhances visibility for approvers by consolidating all approval requests into a single, comprehensive landing page within the Security Exposure Management workspace.
Key Features
- Approvals Landing Page: Centralized dashboard featuring widgets to track different approval categories such as today’s approvals, pending approvals, exception approvals, false positive approvals, all approvals, overdue approvals, expiring exceptions, exception extensions, and repeated rejections.
- Interactive Approval Requests: Each request includes detailed, clickable links to relevant data such as record references, request type, risk rating, remediation status, assignment groups, and current state, enabling efficient review without leaving the page.
- Finding Record Access: Users can access detailed attributes of findings—including state, remediation status, assignment group, and related detections—directly from the finding records (e.g., VIT, AVIT, CVIT).
- Direct Deferral Requests: Ability to defer findings or remediation tasks straight from their forms, with automatic submission for approval.
- Unified Approval Actions: Approvers can view requester details, purpose, impacted services, approval levels, and comments all in one place, and approve or reject requests directly within the same record.
- Audit Trail: Every comment and approval action is recorded and attributed, ensuring transparency and accountability.
- Generative AI Integration: AI-driven recommendations help streamline approvals for exceptions and false positive requests, enhancing decision-making speed and accuracy.
- Legacy Support: Links to legacy approval requests are maintained during the migration period for continuity.
Benefits for ServiceNow Customers
- Improved efficiency in managing vulnerability and compliance exception approvals through a single, intuitive interface.
- Enhanced visibility into approval statuses, due dates, and exceptions to prevent missed or overdue actions.
- Streamlined collaboration and communication via integrated comments and approval history.
- Reduced risk of error with AI-assisted recommendations and direct access to detailed findings and remediation data.
- Simplified tracking and management of all approval requests, including extensions and repeated rejections, ensuring comprehensive oversight.
The approval process in Security Exposure Management for vulnerability and compliance exceptions is unified to simplify workflows, improve visibility, and streamline actions for Approvers. The approvals landing page includes the following widgets:
- Today’s approvals: Approvals due for action today (e.g., an unassignment request expiring by end of day).
- Pending approvals: Approvals awaiting action beyond today across all request types.
- Exception approvals: Approvals specifically for exception requests (e.g., a request to allow delayed patching of a high-risk vulnerability).
- False positive approvals: Approvals for requests flagged as false positives (e.g., scanner incorrectly reporting a vulnerability on a host).
- All approvals: Consolidated list of all approvals, including exception, false positive, risk reduction, and unassignment (e.g., a single view of everything awaiting your approval).
- Overdue approvals: Approvals that have crossed their due date (e.g., a risk reduction request that was supposed to be approved yesterday).
- Expiring exceptions: Exceptions scheduled to expire within the next 7 days.
- Exception extensions: Deferral extension requests raised after an initial exception request was approved. The initial request may still be in an approved state or may have already expired. This widget covers two scenarios:
  - An extension request raised directly against an existing finding.
  - A new vulnerability change approval (VCA) created after a previously approved VCA's finding expired. This new request is treated as a continuation of the original exception.
- Repeated rejections: Approvals where a remediation owner has resubmitted a VCA for the same deferral exception after a prior VCA was rejected.
When opening a finding record (e.g., VIT, AVIT, CVIT, Test Results), users can view detailed attributes such as state, remediation status, assignment group, information about the finding, relevant detections, change approvals, and requested approvals.
You can defer a finding or remediation task directly from its respective form in the Security Exposure Management workspace. Once submitted, the request is sent for approval. This unification offers:
- View the requester, purpose, impacted services, approval levels, and comments all in one place.
- Approvers can approve or reject requests directly within the same record. See Reviewing an Approval Request.
- Every comment and approval action is recorded and attributed.
You can use generative AI to streamline the approval process for exceptions and false positive requests with AI-driven recommendations. For more information, see Generate approval recommendations with generative AI.
All requests, including pending, overdue, or completed, are easy to locate and manage in the single view. Links to legacy approval requests are available for items that remain in the old flow during the migration period.