Creating and editing mitigating controls for company policies
To create or edit mitigating controls
-
In the Manager, select the Risk index functions > Mitigating controls category.
-
Select a mitigating control in the result list and run the Change main data task.
- OR -
Click in the result list.
-
Edit the mitigating control main data.
- Save the changes.
Enter the following main data of mitigating controls.
Table 14: General main data of a mitigating control
Measure |
Unique identifier for the mitigating control. |
Significance reduction |
When the mitigating control is implemented, this value is used to reduce the risk of denied attestation cases. Enter a number between 0 and 1. |
Description |
Detailed description of the mitigating control. |
Functional area |
Functional area in which the mitigating control may be applied. |
Department |
Department in which the mitigating control may be applied. |
Assigning company policies to mitigating controls
Use this task to specify for which company policies the mitigating control is valid. You can only assign company policy working copies on the assignment form.
To assign company policies to mitigating controls
-
In the Manager, select the Risk index functions > Mitigating controls category.
-
Select the mitigating control in the result list.
-
Select the Assign company policies task.
In the Add assignments pane, assign company policies.
TIP: In the Remove assignments pane, you can remove company policies.
To remove an assignment
- Save the changes.
Calculating mitigating controls for company policies
The reduction in significance of a mitigating control supplies the value by which the risk index of a company policy is reduced when the control is implemented.One Identity Manager calculates a reduced risk index based on the risk index and the significance reduction. One Identity Manager supplies default functions for calculating reduced risk indexes. These functions cannot be edited with One Identity Manager tools.
The reduced risk index is calculated from the company policy and the significance reduced sum of all assigned mitigating controls.
Risk index (reduced) = Risk index - sum significance reductions
If the significance reduction sum is greater than the risk index, the reduced risk index is set to 0.
Displaying mitigating controls overview
You can see the most important information about a mitigating control on the overview form.
To obtain an overview of a mitigating control
-
In the Manager, select the Risk index functions > Mitigating controls category.
-
Select the mitigating control in the result list.
-
Select the Mitigating control overview task.