on 12-15-2010 9:03 AM
Hi all!
Since RAR consider mitigations contros both by rol and users, If I have the role ZROL1 mitigated for the ID risk P001* then, would be able CUP to consider this mitigation control even when CUP is managing users?
I mean, if ZROL1 has a mitigation control, would appear at the request the ID risk whenever I add this role to a user?
Many thanks in advance! any help would be welcomed.
Margarita.
Hi Margarita,
If you want it will consider the role level mitigation controls. So in the request risk violation will not be shown.
For this u need check the option, consider mitigation control in CUP. Configuration-> Risk anlsysis.
Also in RAR following things needs to be done.
RAR Configuration->Risk analysis-> Defaults values.
Exclude mitigated Risk as yes.
RAR Configuration-> Risk Analysis ->Additional options
Include Role/Profile Mitigating Controls in User Analysis as yes.
If above values are defined as No. than Risk Voilation will be shown in the request.
Kind Regards,
Srinivasan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.