Skip to Content
avatar image
Former Member

CUP-5.3-SP13-Mitigation Controls by rol/users

Hi all!

Since RAR consider mitigations contros both by rol and users, If I have the role ZROL1 mitigated for the ID risk P001* then, would be able CUP to consider this mitigation control even when CUP is managing users?

I mean, if ZROL1 has a mitigation control, would appear at the request the ID risk whenever I add this role to a user?

Many thanks in advance! any help would be welcomed.

Margarita.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Best Answer
    avatar image
    Former Member
    Dec 15, 2010 at 09:22 AM

    Hi Margarita,

    If you want it will consider the role level mitigation controls. So in the request risk violation will not be shown.

    For this u need check the option, consider mitigation control in CUP. Configuration-> Risk anlsysis.

    Also in RAR following things needs to be done.

    RAR Configuration->Risk analysis-> Defaults values.

    Exclude mitigated Risk as yes.

    RAR Configuration-> Risk Analysis ->Additional options

    Include Role/Profile Mitigating Controls in User Analysis as yes.

    If above values are defined as No. than Risk Voilation will be shown in the request.

    Kind Regards,

    Srinivasan

    Add comment
    10|10000 characters needed characters exceeded