on 03-12-2010 4:42 PM
I have created a mitigating Control for a role and added the specific Risk ID. If I run Risk Analysis on the role; it now shows up clean. But if I run Risk Analysis on the users that have the role; the still show the risk. Do I need to create the mitigating control for the role as well as each user that has the role?
Thank You,
Thanks to all that helped. My problems are now solved.
I tried to give each of you points for your help; but i get an error every time I click on one of the point levels.
Thank You,
Ryan Dearman
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Sirish,
I did have to set "Include Role/Profile Mitigating Controls in User Analysis" to Yes. Thanks for that. When I run Risk Analysis on the user the mitigated Risks are no longer visible.
So, I am halfway there.
I still see the Risks while viewing CUP tickets. Is there a background job that pushes the change to CUP?
Thanks,
Ryan Dearman
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Ryan,
When you run the risk analysis on user level, did you selected the option "Exclude mitigated risks"?
In addition, you have set the configuration parameter "Include Role/Profile Mitigating Controls in User Analysis"
to YES by going to Configuration -> Additional Options.
In the configuration -> Risk Analysis -> Default Values -> Exclude Mitigated Risks needs to be set to YES.
In addition put * after the risk((ex: F001*) in your mitigation control.
Hope this helps.
Best Regards,
Sirish Gullapalli.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.