Configuration Compliance states

Configuration Compliance offers a state model for the status of the test results group at any given time. Test result group states control test result states based on precedence.

Test Result Group States

Test result groups have many possible states. Automatic transition is available from the Resolved state based on the next scan results. If all test results pass on the next scan, the group is closed. Otherwise it transitions to Under Investigation. Work notes are updated to reflect the transition.

Configuration Compliance state flow diagram
Note: Each group form contains Follow and Update buttons which are standard for ServiceNow tasks.
State Description
Open State upon creation.
Under Investigation Triggered by the Start Investigation button. From this state you can:
Create a Change Request
See Create a change request in Configuration Compliance for more information.
Defer
Provide a reason and select a reopen date.
Close
Provide a resolution and notes. Closes the group.
Delete
Confirm the deletion. Removes the group
Deferred Triggered by the Defer button. From this state you can:
Reopen
Transitions back to an Open state.
Close
Provide a resolution and notes. Closes the group.
Delete
Confirm the deletion. Removes the group.

Deferment information appears under the Defer/Close related tab. On the defer date, the group reopens for remediation.

Awaiting Implementation Triggered by the Awaiting Implementation button. From this state you can:
Create a Security Incident
See Create a security incident for more information.
Create a Change Request
See Create a change request in Configuration Compliance for more information.
Resolve
Select a Resolution and add notes. Choices are
  • Result Invalid
  • Cancelled
  • Fixed

State becomes Resolved. Notes appear under the Resolution related tab.

Close
Select a Resolution and add notes. Choices are:
  • Result Invalid
  • Cancelled
  • Fixed

State becomes Closed. Notes appear under the Resolution related tab.

Delete
Confirm the deletion. Removes the group.
Resolved Triggered from the Resolve button. From this state you can:
Create a Security Incident
See Create a security incident for more information.
Reopen
Transitions back to an Open state.
Close
Select a Resolution and add notes. Choices are:
  • Result Invalid
  • Cancelled
  • Fixed

State becomes Closed. Notes appear under the Resolution related tab.

Delete
Confirm the deletion. Removes the group.

Notes appear under the Notes related tab. Resolution information appears under the Resolution related tab.

Closed Triggered from the Close button. From this state you can:
Reopen
Transitions back to an Open state.
Delete
Confirm the deletion. Removes the group.

Closure information appears under the Defer/Close related tab.

  • If the Test Result Group is marked as Closed, with a non-fixed substate (such as False Positive, Risk Accepted, or Irrelevant), test results that are added to the group have their state updated to match the test result group.
  • If Test Result Group is marked as Closed or Fixed and if the test result added is not itself Closed or Fixed, the test result state does not change, and the test result group state is changed to Open.
  • If you determine that the items are a low priority, you can change their group to the Deferred state for a defined amount of time, or immediately Close them.
    Note: When test result groups are deferred or closed, you can specify substates to further define the reasons for doing so. Work notes are updated to reflect the transition.

Test Result States

The state of a test result group also changes the state of its associated test results. This mechanism has two cases.
Test results that belong to only one group
Items match the state of the group with three exceptions:
  • If the group changes its state to be Closed and its resolution(substate) to be Fixed, the item ignores that change and then falls back to the Open state.
  • If the group changes its state to be Closed and its resolution(substate) to be Cancelled, the item ignores that change and then falls back to the Open state.
  • If the vulnerable item source status is Fixed (updated by a scan or import), then when the group changes its state, the vulnerable item changes its state to Closed(Fixed) no matter what state the group is in.
Test results that belong to multiple groups
Test results do not match the state of the group automatically, instead it searches among all the associated groups to find the state with the highest precedence to apply. This is the state of precedence:
Closed (substate: Result Invalid) > Deferred > Resolved > Awaiting Implementation > Under Investigation > Open
Note: Closed (substate: Fixed) and Closed (substate: Cancelled) are two special cases.

Test Result Group state examples

For example:

Test Result Groups State Test result State
Group A: Open > Under Investigation

Group B: Open

Under Investigation

When Group A is Under Investigation and Group B is Open, the test result changes to Under Investigation, since after the search, between Group A and Group B, Group A has the state with the highest precedence.

Group A: Under Investigation

Group B: Open > Under Investigation

Under Investigation

When Group B is Under Investigation and Group A is Under Investigation, the test result stays as Under Investigation, since after the search, between Group A and Group B, they have the state with the same precedence.

Group A: Under Investigation

Group B: Under Investigation > Awaiting Implementation

Awaiting Implementation

When Group B is Awaiting Implementation and Group A is Under Investigation, the test result changes to Awaiting Implementation, since after the search, between Group A and Group B, Group B has the state with the highest precedence

Group A: Under Investigation > Deferred

Group B: Awaiting Implementation

Deferred

When Group A is Deferred and Group B is Awaiting Implementation, the test result changes to Deferred, since after the search, item 1 found out that between Group A and Group B, Group A has the state with the highest precedence

Group A: Deferred

Group B: Awaiting Implementation > Closed (Result Invalid)

Closed (Result Invalid) > Deferred

When Group B is Closed and the resolution(substate) is Result Invalid, and Group A is Deferred, the test result changes to Closed (Result Invalid), since after the search, between Group A and Group B, Group B has the state with the highest precedence.

Group A: Deferred

Group B: Closed (Result Invalid) > Open (via Reopen)

Deferred

When Group B is re-opened and its state changes to Open, and Group A is Deferred, the test result changes to Deferred, since after the search, between Group A and Group B, Group A has the state with the highest precedence.

Table 1. Test result state special cases
Test result group State Test result state
Group A: Under Investigation

Group B: Awaiting Implementation > Closed (Fixed or Cancelled)

Under Investigation

When Group B is Closed (substate Fixed or substate Cancelled), and Group A is Under Investigation, the test result changes from Awaiting Implementation (previously the highest precedence) to Under Investigation (currently the highest precedence).

Group A: any state

Group B: any state

If the test result source status is Fixed (updated by a scan or import), then when the group changes its state, the test result changes its state to Closed(Fixed) no matter what states the other associated groups are in. The test result search for group state does not occur.