on 01-25-2011 5:51 PM
forum might be able to provide some guidance.
My client would like to have the following requirements:
When violations are identified in CUP, route to the Compliance Manager stage for mitigation. If no violation, auto provision. Pretty sure we can do this through a simple detour, no problem. The tricky part is that the Compliance Manager only wants to be sent conflicts ranked HIGH.
I would alternatively send all violations to the compliance manager and only mitigate (enforce mitigation) on high violations, but we have a capacity issue and that person only wants to see requests where we have high violations. If we send them all requests with all violation levels they could get overwhelmed, since inherently there will probably be more mediums and lows.
I know this can't technically be done in 5.3, but I was wondering if anyone else has any clever solutions, such as using two rule sets for this or maybe disabling the mediums and lows for provisioning and then enabling them for, say, monthly RAR reporting.
Any ideas would be appreciated,
As far as I am aware there is no automated way to do this. An alternate would be for the security team to direct the request if it is in the workflow path to the compliance manager manually based on your criteria.
Regards,
Chinmaya
Hi Kyle
Chinmaya is right. There is no automatic way of doing it. It will be a manual process. Maybe you can have a report of just HIGH violations that can be automated on a periodic basis and send that report to the manager.
Worth a shot!!
Hi Kyle,
This won't be possible directly, but I have done this at a couple of my clients by applying the solution below:
Create a new ruleset with only HIGH violations, which is a subset of your main (current) ruleset. Now make the new ruleset the default ruleset in RAR so CUP will only check the violations against this ruleset. Whenever you need reporting against all the risk levels, run the analysis in RAR against the main ruleset.
Regards,
Alpesh
Alpesh,
This is what I was thinking as well but I have some concerns and questions.
Would you have one rule set with just highs (CUP) and the other with medium and lows (RAR)? Or one with highs (CUP) and a full rule set for monthly analysis (RAR)?
I think you would need to use the first option, otherwise you would have some duplication when maintaining "high" rules. Also, what about mitigation? If you use option two you will have some mitigation issues, right? Our client would like to mitigate the highs at the user level and the mediums and lows monthly at the role level.
Another option I thought of was to disable all mediums and lows during normal provisioning, then enable them once a month when running monthly reporting. Thoughts?
Any further clarification would be appreciated.
Kyle