on 01-28-2010 7:42 PM
In our GRC 5.3 (SP10) system, I have a mitigating control to Risk valid for 730 days (2 years) in RAR. Then in CUP, I have the role reaffirm period set at 12 months. When I mitigate a role directly in RAR, the validity date is 2 years. However, when I mitigate the risk's through ERM, my valid from date is today (1/28/2010) and my valid to date is 5/8/2010. Does anyone know where this (seemingly) random valid to date is coming from?
This is what my "mitigated roles" screen looks like:
Y_NY_DEPT_DIVA Division Administrator FI001 E01800201 1/28/2010 5/8/2010 ANF2018
Y_NY_DEPT_DIVA Division Administrator FI001 E01800401 1/28/2010 5/8/2010 ANF2018
Y_NY_DEPT_NON_PUR_REQ_ENTRY Purchasing Req Entry FI001 E018* 1/28/2010 1/28/2012 ANF2018
Hi Victor,
SAP came back with "It will be fixed in SP13 due out in Aug 2010".
Thanks,
Peggy
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
We use the default 365 days for Mitigating Controls default expiration time. We are running Compliance Calibrator 5.2. We would like to extend the Mitigatinc control "valid to" date for another year. How do we go about changing the "Valid to" date. If you can help, we need an answer really soon, as our Mitigating Controls are about to expire.
Thank you,
Harry P. Sykes, Jr.
SAP GRC and Security Consultant
ABB, Inc.
440-585-8698
I have opened a CSS message with SAP.
Thanks,
Peggy
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I have the CUP configuration for "Default Duration (Days) for the Mitigation Control" set to 365.
I have the RAR configuration for "Default expiration time for Mitigating Controls (in days)" set to 730.
My URL for "Web Service Info for CC Mitigation" is:
http://<server>:<port>/VirsaCCMitigation5_0Service/Config1?wsdl&style=document
While in ERM and I click on the Risk ID under the Risk Violations, here is what I see:
*Risk Mitigation*
Mitigating Control* Select
Role Name* Y_NY_HR_PAYROLLTEST
Risk ID* H010001
Monitor ID* Select
Control Valid From*
Control Valid To*
The Control Valid From date is always the current date.
The Contorl Valid To date is always 100 days past the current date.
I expected it to be either 365 days later or 730 days later.
Plus, it doesn't let me edit it - so I can't even change it.
Thank all of you for your help on this. I am curious what other people see in their system.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
It also seems strange that the number of days it picks is always 100 days - it's always consistantly 100 days. Sure seems like a configuration setting but I can't find it.
Thanks,
Peggy
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Peggy,
CUP has a separate configuration setting for Mitigation control validity, which is always used by system if you mitigate anything from CUP.
I wasn't able to find any similar config in ERM, not sure where it is coming from in your case.
Can you please check what value you have in CUP under config-->mitigation for "Default Duration (Days) for the Mitigation
Control".
As Dylan mentioned what URL did you specify in ERM for Mitigation control web service, the config "Do not use Web Service; CC deployed on the same server " is only available for Risk analysis webservice, may be the system to which mitigation url is pointing has different validity for mitigating control.
Regards,
Amol
I picked the option: Do not use Web Service; CC deployed on the same server since all components are deployed on the same server.
Thanks,
Peggy
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Peggy,
Is the Mitigation Web Service pointed to the correct URL? Maybe it pointing to a different system?
ERM Configuration --> Miscellaneous --> Web Service Info. for CC Mitigation
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.