You can display the most important information about a mitigating control on the overview form.
To obtain an overview of a mitigating control
-
In the Manager, select the Risk index functions > Mitigating controls category.
-
Select the mitigating control in the result list.
-
Select the Mitigating control overview task.
The reduction in significance of a mitigating control supplies the value by which the risk index of a compliance rule is reduced when the control is implemented.One Identity Manager calculates a reduced risk index based on the risk index and the significance reduction. One Identity Manager supplies default functions for calculating reduced risk indexes. These functions cannot be edited with One Identity Manager tools.
Calculating mitigation for rule violations depends on the QER | CalculateRiskIndex | MitigatingControlsPerViolation configuration parameter.
Table 30: Effect of configuration parameters on calculating mitigation
Deactivated |
The compliance rule's reduced risk index is calculated. This takes mitigating controls into account that are assigned to a compliance rule. |
Enabled |
The compliance rule's risk index is not reduced. The reduced risk index corresponds, therefore, to the compliance rule's risk index.
This calculates the reduced risk index of identities with rule violations and takes into account mitigating controls that were assigned to a rule violation during an exception approval. |
Risk index (reduced) = Risk index - sum significance reductions
If the significance reduction sum is greater than the risk index, the reduced risk index is set to 0.
The following configuration parameters are additionally available in One Identity Manager after the module has been installed. Some general configuration parameters are relevant for Identity Audit. The following table contains a summary of all applicable configuration parameters for Identity Audit.
Table 31: Overview of configuration parameters
QER | ComplianceCheck |
Preprocessor relevant configuration parameter to control component parts for Identity Audit. Changes to the parameter require recompiling the database.
If the parameter is enabled, you can use the model components.
If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide. |
QER | ComplianceCheck | CalculateImmediately |
Processing tasks for recalculating rule violations are immediately started when relevant changes occur. |
QER | ComplianceCheck | DisableSelfExceptionGranting |
Excludes rule violators from becoming exception approvers. If this parameter is set, no one can approve their own rule violations. |
QER | ComplianceCheck | EmailNotification |
This parameter is used for mail notifications.
Information about notifying during compliance checking is defined under this parameter. |
QER | ComplianceCheck | EmailNotification | DefaultSenderAddress |
Sender's default email address for sending automatically generated notifications about rule checking. Replace the default address with a valid email address. |
QER | ComplianceCheck | EnableITSettingsForRule |
IT Shop properties for the compliance rule are visible and can be edited. |
QER | ComplianceCheck | IncludeTSBPersonUsesAccount |
This configuration parameter specifies whether permissions for using shared identities are included in rule checking. |
QER | ComplianceCheck | PlainSQL |
SQL text is only permitted for rules in advanced mode. |
QER | ComplianceCheck | SimpleMode |
Preprocessor relevant configuration parameter for controlling the definition of rule conditions for compliance rules. Changes to the parameter require recompiling the database.
If this parameter is set, you can set up rule conditions with a simplified definition. |
QER | ComplianceCheck | SimpleMode | NonSimpleAllowed |
Rules can be created in advanced mode |
QER | ComplianceCheck | SimpleMode | ShowDescriptions |
Displays additional input fields for describing the compliance rules in the Rule Editor. |
QER | CalculateRiskIndex |
Preprocessor relevant configuration parameter controlling system components for calculating the risk index. Changes to the parameter require recompiling the database.
If the parameter is enabled, values for the risk index can be entered and calculated.
If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide. |
QER | CalculateRiskIndex | MitigatingControlsPerViolation |
This configuration parameter controls calculation of risk indexes for rule violations. If the parameter is set, exception approvers can assign mitigating controls to rule violations. The risk index calculation only takes these mitigating controls into account. If the parameter is disabled, risk index calculation take mitigating control assigned to compliance rules into account. |