Chat now with support
Chat with Support

Identity Manager 9.1 - Company Policies Administration Guide

Company policies in One Identity Manager Defining company policies
Basic data for company policies Creating and editing company policies Using default company policies Deleting company policies
Checking company policies Mitigating controls for company policies General configuration parameter for company policies

Creating and editing mitigating controls for compliance rules

To create or edit mitigating controls

  1. In the Manager, select the Risk index functions > Mitigating controls category.

  2. Select a mitigating control in the result list and run the Change main data task.

    - OR -

    Click in the result list.

  3. Edit the mitigating control main data.

  4. Save the changes.

Enter the following main data of mitigating controls.

Table 14: General main data of a mitigating control

Property

Description

Measure

Unique identifier for the mitigating control.

Significance reduction

When the mitigating control is implemented, this value is used to reduce the risk of denied attestation cases. Enter a number between 0 and 1.

Description

Detailed description of the mitigating control.

Functional area

Functional area in which the mitigating control may be applied.

Department

Department in which the mitigating control may be applied.

Assigning company policies to mitigating controls

Use this task to specify for which company policies the mitigating control is valid. You can only assign company policy working copies on the assignment form.

To assign company policies to mitigating controls

  1. In the Manager, select the Risk index functions > Mitigating controls category.

  2. Select the mitigating control in the result list.

  3. Select the Assign company policies task.

    In the Add assignments pane, assign company policies.

    TIP: In the Remove assignments pane, you can remove company policies.

    To remove an assignment

    • Select the company policy and double-click .

  4. Save the changes.

Calculating mitigating controls for company policies

The reduction in significance of a mitigating control supplies the value by which the risk index of a company policy is reduced when the control is implemented.One Identity Manager calculates a reduced risk index based on the risk index and the significance reduction. One Identity Manager supplies default functions for calculating reduced risk indexes. These functions cannot be edited with One Identity Manager tools.

The reduced risk index is calculated from the company policy and the significance reduced sum of all assigned mitigating controls.

Risk index (reduced) = Risk index - sum significance reductions

If the significance reduction sum is greater than the risk index, the reduced risk index is set to 0.

Displaying mitigating controls overview

You can see the most important information about a mitigating control on the overview form.

To obtain an overview of a mitigating control

  1. In the Manager, select the Risk index functions > Mitigating controls category.

  2. Select the mitigating control in the result list.

  3. Select the Mitigating control overview task.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating