You can see the most important information about a mitigating control on the overview form.
To obtain an overview of a mitigating control
Use this task to specify for which compliance rules a mitigating control is valid. You can only assign original rules on the assignment form.
To assign compliance rules to mitigating controls
- OR -
Double-click on the rules you want to remove in Remove Assignment.
| Configuration Parameter | Active Meaning |
|---|---|
| QER\CalculateRiskIndex\MitigatingControlsPerViolation |
This configuration parameter controls calculation of risk indexes for rule violations. If the parameter is set, exception approvers can assign mitigating controls to rule violations. The risk index calculation only takes these mitigating controls into account. If the parameter is disabled, risk index calculation take mitigating control assigned to compliance rules into account. |
The significance reduction of a mitigating control supplies the value by which to reduce
Calculating mitigation for rule violations depends on the configuration parameter "QER\CalculateRiskIndex\MitigatingControlsPerViolation".
| Configuration parameter | Effect |
|---|---|
| Disabled | The compliance rule's reduced risk index is calculated. This takes mitigating controls into account that are assigned to a compliance rule. |
| Enabled | The compliance rule's risk index is not reduced. The reduced risk index corresponds, therefore, to the compliance rule's risk index.
The reduced risk index of employees with rule violations is calculated. This takes mitigating controls into account that were assigned to a rule violation during exception approval. |
Risk index (reduced) = Risk index - sum significance reductions
If the significance reduction sum is greater than the risk index, the reduced risk index is set to 0.
The following configuration parameters are additionally available in One Identity Manager after the module has been installed. Some general configuration parameters are relevant for Identity Audit. The following table contains a summary of all applicable configuration parameters for Identity Audit.
| Configuration parameter | Meaning |
|---|---|
| QER\ComplianceCheck | Preprocessor relevant configuration parameter to control component parts for Identity Audit. Changes to the parameter require recompiling the database.
If the parameter is enabled the target system modules are available. |
| QER\ComplianceCheck\CalculateImmediately | Processing tasks for recalculating rule violations are immediately started when relevant changes occur. |
| QER\ComplianceCheck\DisableSelfExceptionGranting | Excludes rule violators from becoming exception approvers. If this parameter is set, no one can approve their own rule violations. |
| QER\ComplianceCheck\EmailNotification |
This parameter is used for mail notifications. Information about notifying during compliance checking is defined under this parameter. |
| QER\ComplianceCheck\EmailNotification\DefaultSenderAddress | This configuration parameter contains the sender email address for automatically generated messages during rule checking. |
| QER\ComplianceCheck\EmailNotification\NewExceptionApproval |
This configuration parameter contains the name of the mail template which is sent if an approval exception for a new rule violation is required. |
| QER\ComplianceCheck\EmailNotification\NotPermittedViolation |
This configuration parameter contains the name of the mail template which is sent if a new rogue rule violation occurs. |
| QER\ComplianceCheck\EnableITSettingsForRule | IT Shop properties for the compliance rule are visible and can be edited. |
| QER\ComplianceCheck\PlainSQL | SQL text is only permitted for rules in advanced mode. |
| QER\ComplianceCheck\SimpleMode | Preprocessor relevant configuration parameter for controlling the definition of rule conditions for compliance rules. Changes to the parameter require recompiling the database.
If this parameter is set, you can set up rule conditions with a simplified definition. |
| QER\ComplianceCheck\SimpleMode\NonSimpleAllowed | Rules can be created in advanced mode |
| QER\ComplianceCheck\SimpleMode\ShowDescriptions | Displays additional input fields for describing the compliance rules in the Rule Editor. |
| QER\CalculateRiskIndex | Preprocessor relevant configuration parameter controlling system components for calculating an employee's risk index. Changes to the parameter require recompiling the database.
If the parameter is set, values can be entered and calculated for the risk index. |
| QER\CalculateRiskIndex\MitigatingControlsPerViolation |
This configuration parameter controls calculation of risk indexes for rule violations. If the parameter is set, exception approvers can assign mitigating controls to rule violations. The risk index calculation only takes these mitigating controls into account. If the parameter is disabled, risk index calculation take mitigating control assigned to compliance rules into account. |
© 2023 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy
