on 02-05-2016 4:43 PM
Our application has GRC 10 SP21 installed. We consistently have had problems with Mitigating Controls (which we maintain in Production) due to rule generations. When updated Functions and Risks are transported from Dev > QA > Prod, the rules have to be generated in each instance. Every time a regeneration is executed, the Rule IDs can and often change. This new Rule ID is is not connected to the MC so I have to add the NEW Rule ID and the Role to the existing MC. I have had to do this countless time and it is extremely time consuming.
Has anyone encountered this situation before and know if there us a fix for this?
I'd appreciate any suggestions you could provide; thank you very much.
Hello,
As per my understanding, we do not keep rule IDs same in DEV-QA-PROD. MC will be created in PROD with existing rule ID. When we generate the function/rule in PROD itself then rule ID will not be changed. However you can assign MC of respective risk ID initially in DEV and study the behavior of MC's. After assuring all is fine, same need to be replicated in PROD followed by respective risk/function generation against valid connector/connector group.
Hope this clears the issue.
Thanks,
Sachin
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Novella,
Instead of mitigating specific rule id of risk you can keep it as * as risk will get mitigated and next time once you generate rules there is no need to add new rule id and mitigate it.
Regards,
Rakesh Kirve
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi, Rakesh. Unfortunately we've not been able to mitigate at the Risk ID level with Rule ID = * for the following reasons:
So, I'm stuck.
Thanks, Jane
Hi,
Mitigation controls created in your scenario are specific to rule ids but if you create mitigation control as per risk I'd it will be more helpful.
Because the rule ids whatever get generate points to the same risk so even the rules ids are different user will be having same risk.
Approach you have used will get restricted as per rule is generated for risk. everytime u do changes in risk new rule ids will be generating for that u will have to create new mitignt controls or existing mitigation controls have to be modified.
Regards,
Rakesh Kirve
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.