Violation of regulatory requirements can harbor different risks for companies. To evaluate these risks, you can apply risk indexes to attestation policies. These risk indexes provide information about the risk involved for the company if this particular policy is violated. Once the risks have been identified and evaluated, mitigating controls can be implemented.
Mitigating controls are independent on One Identity Manager’s functionality. They are not monitored through One Identity Manager.
Mitigating controls describe controls that are implemented if an attestation rule was violated. The attestation can be approved after the next attestation run, once controls have been applied.
To edit mitigating controls
- In the Designer, set the QER | CalculateRiskIndex configuration parameter and compile the database.
If you disable the configuration parameter at a later date, model components and scripts that are not longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.
For more information about risk assessment, see the One Identity Manager Risk Assessment Administration Guide.
To create or edit mitigating controls
-
In the Manager, select the Risk index functions > Mitigating controls category.
-
Select a mitigating control in the result list and run the Change main data task.
- OR -
Click in the result list.
-
Edit the mitigating control main data.
- Save the changes.
Enter the following main data of mitigating controls.
Table 61: General main data of a mitigating control
Measure |
Unique identifier for the mitigating control. |
Significance reduction |
When the mitigating control is implemented, this value is used to reduce the risk of denied attestation cases. Enter a number between 0 and 1. |
Description |
Detailed description of the mitigating control. |
Functional area |
Functional area in which the mitigating control may be applied. |
Department |
Department in which the mitigating control may be applied. |
After you have entered the main data, you can run the following tasks.
You can see the most important information about a mitigating control on the overview form.
To obtain an overview of a mitigating control
-
In the Manager, select the Risk index functions > Mitigating controls category.
-
Select the mitigating control in the result list.
-
Select the Mitigating control overview task.