Chat now with support
Chat with Support

Identity Manager 8.0 - Compliance Rules Administration Guide

Compliance Rules and Identity Audit
One Identity Manager Users for the Identity Audit Base Data for Setting up Rules Setting up a Rule Base Rule check Creating Custom Mail Templates for Notifications
Mitigating Controls Configuration Parameters for Identity Audit

The Mitigating Controls Overview

The Mitigating Controls Overview

You can see the most important information about a mitigating control on the overview form.

To obtain an overview of a mitigating control

  1. Select the category Risk index functions | Mitigating controls.
  2. Select the mitigating control in the result list.
  3. Select the task Mitigating control overview.

Assign Rules

Assigning Rules

Use this task to specify for which compliance rules a mitigating control is valid. You can only assign original rules on the assignment form.

To assign compliance rules to mitigating controls

  1. Select the category Risk index functions | Mitigating controls.
  2. Select the mitigating control in the result list.
  3. Select the task Assign rules.
  4. Double-click on the rules you want to assign in Add Assignments

    - OR -

    Double-click on the rules you want to remove in Remove Assignment.

  5. Save the changes.

Calculating Mitigation

Calculating Mitigation

Table 50: Configuration Parameters for Calculating Risk Indexes of Rule Violations
Configuration Parameter Active Meaning
QER\CalculateRiskIndex\MitigatingControlsPerViolation

This configuration parameter controls calculation of risk indexes for rule violations. If the parameter is set, exception approvers can assign mitigating controls to rule violations. The risk index calculation only takes these mitigating controls into account. If the parameter is disabled, risk index calculation take mitigating control assigned to compliance rules into account.

The significance reduction of a mitigating control supplies the value by which to reduce a compliance rule’s risk index if the control is implemented. One Identity Manager calculates a reduced risk index based on the risk index and the significance reduction. One Identity Manager supplies default functions for calculating reduced risk indexes. These functions cannot be edited with One Identity Manager tools.

Calculating mitigation for rule violations depends on the configuration parameter "QER\CalculateRiskIndex\MitigatingControlsPerViolation".

Table 51: Effect of the Configuration Parameter "QER\CalculateRiskIndex\MitigatingControlsPerViolation" on Calculating Mitigation
Configuration parameter Effect
Disabled The compliance rule's reduced risk index is calculated. This takes mitigating controls into account that are assigned to a compliance rule.
Enabled The compliance rule's risk index is not reduced. The reduced risk index corresponds, therefore, to the compliance rule's risk index.

The reduced risk index of employees with rule violations is calculated. This takes mitigating controls into account that were assigned to a rule violation during exception approval.

Risk index (reduced) = Risk index - sum significance reductions

If the significance reduction sum is greater than the risk index, the reduced risk index is set to 0.

Configuration Parameters for Identity Audit

The following configuration parameters are additionally available in One Identity Manager after the module has been installed. Some general configuration parameters are relevant for Identity Audit. The following table contains a summary of all applicable configuration parameters for Identity Audit.

Table 52: Overview of Configuration Parameters
Configuration parameter Meaning
QER\ComplianceCheck Preprocessor relevant configuration parameter to control component parts for Identity Audit. Changes to the parameter require recompiling the database.

If the parameter is enabled the target system modules are available.

QER\ComplianceCheck\CalculateImmediately Processing tasks for recalculating rule violations are immediately started when relevant changes occur.
QER\ComplianceCheck\DisableSelfExceptionGranting Excludes rule violators from becoming exception approvers. If this parameter is set, no one can approve their own rule violations.
QER\ComplianceCheck\EmailNotification

This parameter is used for mail notifications.

Information about notifying during compliance checking is defined under this parameter.

QER\ComplianceCheck\EmailNotification\DefaultSenderAddress This configuration parameter contains the sender email address for automatically generated messages during rule checking.
QER\ComplianceCheck\EmailNotification\NewExceptionApproval

This configuration parameter contains the name of the mail template which is sent if an approval exception for a new rule violation is required.

QER\ComplianceCheck\EmailNotification\NotPermittedViolation

This configuration parameter contains the name of the mail template which is sent if a new rogue rule violation occurs.

QER\ComplianceCheck\EnableITSettingsForRule IT Shop properties for the compliance rule are visible and can be edited.
QER\ComplianceCheck\PlainSQL SQL text is only permitted for rules in advanced mode.
QER\ComplianceCheck\SimpleMode Preprocessor relevant configuration parameter for controlling the definition of rule conditions for compliance rules. Changes to the parameter require recompiling the database.

If this parameter is set, you can set up rule conditions with a simplified definition.

QER\ComplianceCheck\SimpleMode\NonSimpleAllowed Rules can be created in advanced mode
QER\ComplianceCheck\SimpleMode\ShowDescriptions Displays additional input fields for describing the compliance rules in the Rule Editor.
QER\CalculateRiskIndex Preprocessor relevant configuration parameter controlling system components for calculating an employee's risk index. Changes to the parameter require recompiling the database.

If the parameter is set, values can be entered and calculated for the risk index.

QER\CalculateRiskIndex\MitigatingControlsPerViolation

This configuration parameter controls calculation of risk indexes for rule violations. If the parameter is set, exception approvers can assign mitigating controls to rule violations. The risk index calculation only takes these mitigating controls into account. If the parameter is disabled, risk index calculation take mitigating control assigned to compliance rules into account.

Related Documents