
Do we have an automated approach for removal of obsolete mitigation controls?

suvonkar_bashak
Participant
0 Kudos

Hello All,

Mitigation control assignments are part of day-to-day activities for consultants involved in GRC Access Control operation, compliance & management.
In due course, there are a lot of mitigation controls which become obsolete due to roles and users being removed, expired, etc.

Cleaning up obsolete mitigation controls has been a periodic and lengthy task.

Do we have an automated approach for removal of obsolete mitigation controls? Any solutions with the 10.1 release?

Regards,

Suvonkar


1 ACCEPTED SOLUTION

alessandr0
Active Contributor

Dear Suvonkar,

You can use the invalid mitigation report to figure out obsolete assignments.

Report can be started in the user risk analysis > Mitigation Analysis.

This job can also be scheduled as background job and run daily.

Hope this helps.

Regards,

Alessandro

9 REPLIES 9


0 Kudos

Hi Alessandro,

Yes, the report would certainly help in figuring out the mitigations which are invalid.

However, the invalid mitigations are manually removed.

Usually for mass mitigation removal, the existing mitigation control assignments are exported and rectified and then imported to reflect the changes in the GRC box.

I was wondering, similar to the report wherein the invalid mitigation controls are identified, could they also be automatically removed as well. Maybe through a program!

Regards,
Suvonkar

0 Kudos

Dear Suvonkar,

As far as I know there is no program to remove invalid mitigations automatically.

As a workaround you can use the program to down- and upload mitigations. Programs are GRAC_DOWNLOAD_MIT_ASSIGNMENTS and GRAC_UPLOAD_MIT_ASSIGNMENTS.

After downloading all mitigations I manually change them in Excel and upload again. You can either remove a complete mitigation by removing a line, or change the validity date if you would like to have the mitigation archived.

Hope this helps.

Best regards,

Alessandro
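
The manual Excel step described in the reply above could be scripted along these lines. This is an added example, not SAP code and not part of the original posts; the tab-separated layout, the column names, the ISO dates and the sample rows are all assumptions (constructed), to be adjusted to what GRAC_DOWNLOAD_MIT_ASSIGNMENTS actually produces in your system, with the invalid keys taken from the invalid mitigation report.

```python
import csv
import io
from datetime import date, timedelta

KEY = ("USER_ID", "RISK_ID", "CONTROL_ID")  # assumed column names

# Constructed sample of a downloaded assignment file (layout is an assumption).
SAMPLE_EXPORT = (
    "USER_ID\tRISK_ID\tCONTROL_ID\tVALID_FROM\tVALID_TO\n"
    "JDOE\tP001\tMC_FI_01\t2023-01-01\t2025-12-31\n"
    "ASMITH\tF014\tMC_FI_02\t2023-01-01\t2025-12-31\n"
    "BLEE\tP001\tMC_FI_01\t2022-01-01\t2023-06-30\n"
)
# Constructed keys as they might be read from the invalid mitigation report.
SAMPLE_INVALID = {("JDOE", "P001", "MC_FI_01"), ("BLEE", "P001", "MC_FI_01"),
                  ("GONE", "S003", "MC_SD_01")}

def clean_assignments(export_tsv, invalid_keys, mode, today):
    """Return (upload_tsv, audit, unmatched) for a downloaded assignment file.

    mode="remove" drops invalid lines; mode="archive" keeps them but ends
    their validity yesterday. All other lines pass through unchanged.
    """
    if mode not in ("remove", "archive"):
        raise ValueError("mode must be 'remove' or 'archive'")
    reader = csv.DictReader(io.StringIO(export_tsv), delimiter="\t")
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=reader.fieldnames,
                            delimiter="\t", lineterminator="\n")
    writer.writeheader()
    audit, seen = [], set()
    yesterday = (today - timedelta(days=1)).isoformat()
    for row in reader:
        key = tuple(row[c].strip().upper() for c in KEY)
        if key in invalid_keys:
            seen.add(key)
            if mode == "remove":
                audit.append((key, "removed"))
                continue
            if row["VALID_TO"] > yesterday:  # ISO dates compare as strings
                audit.append((key, f"VALID_TO {row['VALID_TO']} -> {yesterday}"))
                row["VALID_TO"] = yesterday
        writer.writerow(row)
    # Keys in the report but missing from the export: report and file are out of sync.
    unmatched = sorted(invalid_keys - seen)
    return out.getvalue(), audit, unmatched
```

Keeping the returned audit list with the upload gives reviewers a record of which assignments were changed, and a non-empty unmatched list is a reason to re-download before uploading.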

0 Kudos

Hi Alessandro,

I am facing a strange behavior. We have a mitigated user. I have removed the backend role expecting that the "invalid mitigation controls" report shows the result as mentioned by you. Do you have an idea what the problem is? Maybe I need to run some sync jobs first?

The "mitigation controls" still shows the control assignment which is no longer right.

Best regards Nguyen

0 Kudos

Hi Nguyen,

did you re-run the batch risk analysis after the sync job? After running all jobs it should actually show as "invalid mitigation" in the report as mentioned above.

Regards,

Alessandro

0 Kudos

Hi Alessandro,

I ran the job GRAC_REPOSITORY_OBJECT_SYNC and then GRAC_BATCH_RISK_ANALYSIS.

Did I miss something?

I still have no invalid results.

Regards Nguyen

0 Kudos

Hi Nguyen,

but the mitigation is still active? And the risk is remediated? Actually it should come up in the report.

Regards,

Alessandro

0 Kudos

Hi Alessandro, yes to both questions. I have opened an OSS message. I will keep you updated on what went wrong.

Thanks and regards Nguyen

0 Kudos

Hi Nguyen,

Did you receive any response for your OSS message yet?

Please share with us your findings.

Thanks!