on 10-26-2010 11:24 AM
All,
I wanted to get your opinion on building a "global" ruleset for multiple sites.
Currently we are using the standard ruleset, customized to meet our needs.As we roll out AC (RAR) to other sites around the world we are wondering how to localize the ruleset. How do we account for smaller offices with less people? They will violate many SoD violations we currently have.
Also, I know in CUP 5.2 SoD violation checks were run against the ruleset set as "default" in RAR. Is this still the case in 5.3? If so, how do you account for multiple rulesets?
Thanks so much,
Grace Rae
All,
I wanted to get your opinion on building a "global" ruleset for multiple sites.
Currently we are using the standard ruleset, customized to meet our needs.As we roll out AC (RAR) to other sites around the world we are wondering how to localize the ruleset. How do we account for smaller offices with less people? They will violate many SoD violations we currently have.
One way of attending this concern is to use Org rules and then run the Jobs/analysis based on Org rules and corresponding risks specific to that region
Also, I know in CUP 5.2 SoD violation checks were run against the ruleset set as "default" in RAR. Is this still the case in 5.3? If so, how do you account for multiple rulesets?
Unfortunately, still it is the same case. CUP picks up the same Ruleset which sets as u201Cdefaultu201D in RAR for analysis
Thanks
Qalid
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Grace,
in older version of GRC i.e. 4.0 , we had option of one Global Ruleset for all system.
However in GRC AC 5.x, this option is gone. now we have to create one rule set per system.
in latest version 5.3 (may be it was in 5.2..... don't remember...), we have option to create one Logical System and under it's unbrella many system can be added. so now you can generate rule per LOGICAL system.
so now you can set one LOGICAL system as your default ruleset.
regards,
Surpreet
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.