05-09-2014 1:43 PM
Hello All,
Mitigation control assignments are part of day to day activities for consultants involved in GRC Access Control operation, complaince & management.
In due course, there are lot of mitigation controls which becomes obsolete due to roles and user being removed, expired etc.
Cleaning up obsolete mitigation controls has been a period and lengthy task.
Do we have an automated approach for removal of obsolete mitigation controls ? Any solutions with 10.1 release ?
Regards,
Suvonkar
05-09-2014 2:06 PM
Dear Suvonkar,
you can use the invalid mitigation report to figure out obsolet assignments.
Report can be started in the user risk analysis > Mitigation Analysis.
This job can also be scheduled as background job and run daily.
Hope this helps.
REgards,
Alessandro
05-09-2014 2:06 PM
Dear Suvonkar,
you can use the invalid mitigation report to figure out obsolet assignments.
Report can be started in the user risk analysis > Mitigation Analysis.
This job can also be scheduled as background job and run daily.
Hope this helps.
REgards,
Alessandro
05-09-2014 3:33 PM
Hi Alessandro,
Yes, the report would certainly help in figuring out the mitigation which are invalid.
However, the invalid mitigation are manually removed.
Usually for mass mitigation removal, the existing mitigation control assignments are exported and rectified and then import to reflect the changes in GRC box.
I was wondering similar to the report wherein the invalid mitigation controls are identified, could they also be automatically removed as well. May be through a program!
Regards,
Suvonkar
05-12-2014 9:02 AM
Dear Suvonkar,
as I know there is no program to remove invalid mitigations automatically.
As a workaround you can use the program to down- and upload mitigations. Programs are GRAC_DOWNLOAD_MIT_ASSIGNMENTS and GRAC_UPLOAD_MIT_ASSIGNMENTS.
After downloading all mitigations I manually change them in Excel and upload again. You can either remove a complete mitigation by removing a line, or change the validity date if you would like to have the mitigation archived.
Hope this helps.
Best regards,
Alessandro
05-14-2014 8:06 AM
Hi Alessandro,
I am facing a strange behavior. We have a mitigated user. I have removed the backend role expecting that the "invalid mitigation controls" report shows the result as mentioned by you. Do you have an idea what is the problem? May I need to run some synch jobs before?
The "mitigation controls" still shows the control assignment which is no more rigth.
Best regards Nguyen
05-14-2014 8:17 AM
Hi Nguyen,
did you re-run the batch risk analysis after the sync job? After running all jobs it should actually show as "invalid mitigation" in the report as mentioned above.
Regards,
Alessandro
05-14-2014 1:04 PM
Hi Alessandro,
I ran the job GRAC_REPOSITORY_OBJECT_SYNC and then GRAC_BATCH_RISK_ANALYSIS.
Did I missed something?
I still have no invalid results.
Regards Nguyen
05-14-2014 3:02 PM
Hi Nguyen,
but the mitigation is still active? And the risk is remediated? Actually it should come up in the report.
Regards,
Alessandro
05-14-2014 6:41 PM
Hi Alessandro, yes to both questions. I have opened an OSS message. I will keept you updated what went wrong.
Thanks and regards Nguyen
09-01-2014 10:15 AM
Hi Nguyen,
Did you receive any response for your OSS message yet?
Please share with us your findings.
Thanks!