cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

CUP-5.3-SP13-Mitigation Controls by rol/users

Go to solution
Former Member

on ‎12-15-2010 9:03 AM

0 Kudos

Hi all!

Since RAR consider mitigations contros both by rol and users, If I have the role ZROL1 mitigated for the ID risk P001* then, would be able CUP to consider this mitigation control even when CUP is managing users?

I mean, if ZROL1 has a mitigation control, would appear at the request the ID risk whenever I add this role to a user?

Many thanks in advance! any help would be welcomed.

Margarita.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎12-15-2010 9:22 AM
0 Kudos

Hi Margarita,

If you want it will consider the role level mitigation controls. So in the request risk violation will not be shown.

For this u need check the option, consider mitigation control in CUP. Configuration-> Risk anlsysis.

Also in RAR following things needs to be done.

RAR Configuration->Risk analysis-> Defaults values.

Exclude mitigated Risk as yes.

RAR Configuration-> Risk Analysis ->Additional options

Include Role/Profile Mitigating Controls in User Analysis as yes.

If above values are defined as No. than Risk Voilation will be shown in the request.

Kind Regards,

Srinivasan

Show replies
Show replies

Answers (0)

Ask a Question