立即与支持人员聊天
与支持团队交流

Identity Manager 9.2.1 - Compliance Rules Administration Guide

Compliance rules and identity audit
One Identity Manager users for identity audit Basic data for setting up rules Setting up a rule base rule check Mail templates for notifying about identity auditing
Mitigating controls for compliance rules Configuration parameters for Identity Audit

Displaying the mitigation controls overview

You can display the most important information about a mitigating control on the overview form.

To obtain an overview of a mitigating control

  1. In the Manager, select the Risk index functions > Mitigating controls category.

  2. Select the mitigating control in the result list.

  3. Select the Mitigating control overview task.

Calculating mitigating controls fro compliance rules

The reduction in significance of a mitigating control supplies the value by which the risk index of a compliance rule is reduced when the control is implemented.One Identity Manager calculates a reduced risk index based on the risk index and the significance reduction. One Identity Manager supplies default functions for calculating reduced risk indexes. These functions cannot be edited with One Identity Manager tools.

Calculating mitigation for rule violations depends on the QER | CalculateRiskIndex | MitigatingControlsPerViolation configuration parameter.

Table 30: Effect of configuration parameters on calculating mitigation
Configuration parameters Effect

Deactivated

The compliance rule's reduced risk index is calculated. This takes mitigating controls into account that are assigned to a compliance rule.

Enabled

The compliance rule's risk index is not reduced. The reduced risk index corresponds, therefore, to the compliance rule's risk index.

This calculates the reduced risk index of identities with rule violations and takes into account mitigating controls that were assigned to a rule violation during an exception approval.

Risk index (reduced) = Risk index - sum significance reductions

If the significance reduction sum is greater than the risk index, the reduced risk index is set to 0.

Configuration parameters for Identity Audit

The following configuration parameters are additionally available in One Identity Manager after the module has been installed. Some general configuration parameters are relevant for Identity Audit. The following table contains a summary of all applicable configuration parameters for Identity Audit.

Table 31: Overview of configuration parameters

Configuration parameter

Meaning

QER | ComplianceCheck

Preprocessor relevant configuration parameter to control component parts for Identity Audit. Changes to the parameter require recompiling the database.

If the parameter is enabled, you can use the model components.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

QER | ComplianceCheck | CalculateImmediately

Processing tasks for recalculating rule violations are immediately started when relevant changes occur.

QER | ComplianceCheck | DisableSelfExceptionGranting

Excludes rule violators from becoming exception approvers. If this parameter is set, no one can approve their own rule violations.

QER | ComplianceCheck | EmailNotification

This parameter is used for mail notifications.

Information about notifying during compliance checking is defined under this parameter.

QER | ComplianceCheck | EmailNotification | DefaultSenderAddress

Sender's default email address for sending automatically generated notifications about rule checking. Replace the default address with a valid email address.

QER | ComplianceCheck | EnableITSettingsForRule

IT Shop properties for the compliance rule are visible and can be edited.

QER | ComplianceCheck | IncludeTSBPersonUsesAccount

This configuration parameter specifies whether permissions for using shared identities are included in rule checking.

QER | ComplianceCheck | PlainSQL

SQL text is only permitted for rules in advanced mode.

QER | ComplianceCheck | SimpleMode

Preprocessor relevant configuration parameter for controlling the definition of rule conditions for compliance rules. Changes to the parameter require recompiling the database.

If this parameter is set, you can set up rule conditions with a simplified definition.

QER | ComplianceCheck | SimpleMode | NonSimpleAllowed

Rules can be created in advanced mode

QER | ComplianceCheck | SimpleMode | ShowDescriptions

Displays additional input fields for describing the compliance rules in the Rule Editor.

QER | CalculateRiskIndex

Preprocessor relevant configuration parameter controlling system components for calculating the risk index. Changes to the parameter require recompiling the database.

If the parameter is enabled, values for the risk index can be entered and calculated.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

QER | CalculateRiskIndex | MitigatingControlsPerViolation

This configuration parameter controls calculation of risk indexes for rule violations. If the parameter is set, exception approvers can assign mitigating controls to rule violations. The risk index calculation only takes these mitigating controls into account. If the parameter is disabled, risk index calculation take mitigating control assigned to compliance rules into account.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级