Mitigation control ID validity extension -easy way

I work in GRC AC 5.3. All Mitigation control IDs have a validity expiration on same date in near future. Our GRC has many mitigation control IDs with mitigated users. How can I change the valid to date in convenient way?
It may be extended for all mitigated users separately/individually, but it will take huge time.

You can download all of them in a text file, make changes and upload it back via the import/export utility under mitigation tab,
Alpesh

Similar Messages

  • Validity period mitigating control

    Hi,
    I checked this forum but didn't find any helpful thread for my question. We are using GRC version 5.3. Is there any SAP report or tables available that would show history of mitigating controls per user? In running the Compliance Calibrator for a user, SOD issues were present that we didn't expect because we thought existing mitigating controls were applied and that we were  regularly monitoring this user for the associated risks. We thought that the problem might be that the validity period might have expired, but our corporate security group currently doesn't even show the mitigating control for the user. I wanted to look at the history of the mitigating control for the user to see if I could validate their claim.
    Thanks,
    John

    Hi,
    First of all, there's a special forum for GRC: "Governance, Risk and Compliance".
    Check under RAR-> configuration tab:
    Default expiration time for mitigating controls (in days) 
    When assigning a mitigating control to a risk, you must specify the validity period of the controlIf the End Date is left blank, the value in this option is used to calculate the end date of the validity period; the default value is 365 (days)
    Check also under CUP->configuration->mitigation.
    You'll be able to find the documentation for this configuration parameters in the corresponding Config Guide.
    Regarding Mitigation controls per user, I guess you can just check RAR -> Mitigation tab.
    Cheers,
    Diego.

  • Maintain Validity Date for Mitigation Control Assignment to Users Virsa 5.2

    We have over 1,000 SoD's all mitigated.  The val;idity date for these mitigation controls needs to be updated.  Does anyone know a way to perform a range of updates so it is not necessary to update each user assigned to a Mitigation Control.

    The only way to do that currently would be to download the table information, edit in Excel and re-upload the table.
    Not for the faint of heart, but doable.
    Frank.

  • Mitigation control: Sending failed No valid SAP sender address

    GRC 5.3 SP10 RAR
    In mitigation control:  I have created a new control ID. When I am trying to assign it to a user getting error
    "Sending failed No valid SAP sender address"
    Please advise to resolve the issue. I need to mitigate user.

    Hello Pal,
    Please go to RAR configuration -> Risk Analysis -> Additional Options. Here check if you have the parameter Enable Monitor Notification set to YES. If you do then set this one to NO. Also, kindly check and make sure that you have a valid email address maintained for each of the mitigation control monitor in Mitigation tab.
    If you wish to have the parameter set to yes only then you need to do the JAVA mail settings in Visual Admin. Check configuration of the JAVA mail client, which can be done using Visual Administrator, to send the Email Notification.
    (Configuration > Java Mail Client > Properties > Smtp).
    Regards, Varun
    Edited by: Thakur Varun on May 21, 2010 3:47 PM

  • Is there an easy way to edit things under an invisible control

    For clarity, I should mention that I'm trying to do these actions during edit time and not programmatically.
    I have an invisible button floating over some other controls and a decoration. What's the easiest way to interact with the things under the invisible boolean. For example how would I delete or move the decoration or maybe toggle a boolean under the invisible button.  Of course I could click on the invisible button and move it out of the way and then move it back but I'm hoping there's an easier way so I don't have to worry about repositioning the invisible button or messing around with reordering controls.
    Message Edited by InfiniteNothing on 09-29-2009 02:00 PM
    CLD (2014)

    billko wrote:
    Why would you even have the invisible control overlaying the visible ones?  Why not park it outside the visible area of your VI?  Then you don't even have to make it invisible.  Or does this control become visible at some point when running the VI?
    Bill
    I have used large invisible controls to quickly disable large selections of the front panel. It is a quick way to disable lots of controls at one time. Yes, you can disable them individually but it can be easier to disable them using a single control. If the invisible control sits over the area you want to prevent the user from interacting with you simply enable the control access to the items underneath is blocked. Disable the invisible control and everything underneath becomes usable again. I don't use this technique often but it is handy at times.
     When I have used this technique a good way for interacting with the controls underneath are to drop a property node for the control in the VI and hide it. When it is hidden you can get at the items underneath it. When you are done editing unhide the control.
    Message Edited by Mark Yedinak on 09-29-2009 04:16 PM
    Mark Yedinak
    "Does anyone know where the love of God goes when the waves turn the minutes to hours?"
    Wreck of the Edmund Fitzgerald - Gordon Lightfoot

  • Is there and easy way for Position control using analog input?

    Hi Everyone,
    I would like to set one of the axis with stepper motor using analog feedback to keep the set position which is coming from the analog input.
    In other words I would like the stepper to move when the analog input changes. I need it as a "background service" so the rest of the motion could be easily controlled from the NI-Motion Assistant.
    Is there any easy way to do this? Even complicated is ok but the control should be done by the NI Motion card not the PC processor.
    Thanks,
    Andras

    Hello Andras,
    please use the link below to get the motion example.
    http://zone.ni.com/devzone/cda/epd/p/id/353
    Kind regards,
    Elmar

  • Easy way to control IMAP access?

    Is there an easier way to control which users have IMAP access though a GWIA
    than by editing the class of service?
    What would be nice is have a eDir group which would define the users that
    can have access.
    By default I have it set class of service that enables IMAP access for
    everyone however I finding that more users are passing along the server
    addresses and adding their mobile device to send/retrieve email which is
    working but I would prefer some control over who and who doesn't have access
    without cutting everyone off and adding them to the properties of the GWIA
    agent.

    Originally Posted by dzanre
    Michael Rae wrote:
    > What would be nice is have a eDir group which would define the users that can
    > have access.
    You can have a GW distribution list that controls it though. I do that at a
    number of customer sites . . . .
    Danita
    Novell Knowledge Partner
    Moving GroupWise to Linux?
    Shopping Cart
    Danita, so if I understand this correctly, a way to control IMAP access (for example, for just users that go through a Notifylink or BES server) would be to:
    1.Disable IMAP on the GWIA default class of service
    2.Create a Groupwise distribution list that includes the person(s) you want to use IMAP
    3.Create a second class of service on the GWIA with SMTP disabled and IMAP enabled and include the distribution group created in the previous step.
    4.Stop and restart the GWIA
    Is it really that simple?
    Jeff

  • Error while uploading mitigation controls

    Dear All,
    While uploading the mitigation controls i am facing with the below error. Can you please help me in resolving this error.
    Error in table dataVIRSA_CC_MITUSER
    SQL:=>Insert into  VIRSA_CC_MITMON(MITREFNO,MONITORID) Values(?,?)
    Record::Line Number :21 : D VIRSA_CC_MITMON TESTC1 TEST1
    Below is the text file which i am uploading into the RAR for test purposes
    M     VIRSA_CC_ADMIN     USERID     NAME     EMAILID     ROLEID               
    D     VIRSA_CC_ADMIN     TEST1     TEST1     test     M          
    M     VIRSA_CC_BUSUNIT     BUSID                              
    D     VIRSA_CC_BUSUNIT     TH                              
    M     VIRSA_CC_BUSUNITT     BUSID     LANG     DESCN                    
    D     VIRSA_CC_BUSUNITT     TH     EN     Thailand                    
    M     VIRSA_CC_BUAPPVR     BUSID     APPROVERID                    
    D     VIRSA_CC_BUAPPVR     TH     TEST1                         
    M     VIRSA_CC_BUMONITOR     BUSID     MONITORID                         
    D     VIRSA_CC_BUMONITOR     TH     TEST1                         
    M     VIRSA_CC_MITREF     MITREFNO     BUSID     APPROVERID               
    D     VIRSA_CC_MITREF     TESTC1     TH     TEST1                    
    M     VIRSA_CC_MITREFT     MITREFNO     LANG     DESCN                    
    D     VIRSA_CC_MITREFT     TESTC1     EN     Test mitigation control               
    M     VIRSA_CC_MITRISK     MITREFNO     RISKID                         
    D     VIRSA_CC_MITRISK     TESTC1     F006*                         
    M     VIRSA_CC_MITMON     MITREFNO     MONITORID                         
    D     VIRSA_CC_MITMON     TESTC1     TEST1                         
    M     VIRSA_CC_MITRPT     MITREFNO     ACTIONS     VSYSKEY     MONITORID     FREQUENCY          
    M     VIRSA_CC_MITUSER     MITREFNO     RISKID     USERID     VALIDFROM     VALIDTO     MONITORID     STATUS
    M     VIRSA_CC_MITROLE     MITREFNO     RISKID     ROLEID     VALIDFROM     VALIDTO     MONITORID     STATUS
    D     VIRSA_CC_MITROLE     TESTC1     F006*     Z1.*.ASST-SC-FINC-MGR     6/9/2010     7/25/2010     TEST1     0     
    M     VIRSA_CC_MITHROBJ     MITREFNO     RISKID     HROBJ     HROBJTYP     VALIDFROM     VALIDTO     MONITORID     STATUS
    M     VIRSA_CC_MITPROF     MITREFNO     RISKID     PROFILE     VALIDFROM     VALIDTO     MONITORID     STATUS
    M     VIRSA_CC_MITUSRORG     MITREFNO     RISKID     USERID     ORGRULEID     VALIDFROM     VALIDTO     MONITORID     STATUS
    M     VIRSA_CC_DETDESC     OBJECT_TYPE     OBJECT_ID     LANG     DETAIL_DESCN     
    D     VIRSA_CC_DETDESC     MIT     TESTC1     EN     Test Mitigation control                    
    We are not mitigating users now. Only roles are getting mitigated and hence we have not provided any values to the MIT USER table.
    Thanks and Best Regard,
    Srihari.K

    Dear Varun,
    Thanks for your reply. It helped me a lot. But however i am facing the following issue while uploading the mitigation controls
    After exporting the mitigation file from RAR, we opened the text file in a spreadsheet format and added few lines to the file and saved in the same text format or in UTF-8 format also
    After uploading the same into RAR again after changes we are facing similar errors mentioned in above query.
    But when we add lines  directly in the wordpad and upload the file then it is successful.
    We have to add so many mitigation controls and roles to be assigned for which excel would be easy way to dump.
    Is there anything wrong we  are doing here in editing and converting the files.
    Thanks and Best Regards,
    Srihari.K

  • Detect obsolete mitigating control assignments?

    Hello,
    What report/s would you use to detect obsolete mitigating control assignments?
    The scenario is: A user has been assigned a mitigating control, let's say during the CUP workflow, to mitigate a certain risk that came with a certain role. Later, that role is removed from the user. Now the user is in the scope of a mitigating control. However, the user is not even subject to the risk in question anymore.
    Which way (periodically?) could you detect these cases and clean up the mitigating control assignments?
    Thanks and regards
    Patrick

    Hey,
    My experience of cleaning up controls has not been very straight forward.
    I have had to perform various risk analysis reports and look up a list of user accounts that have been marked as "Expired" etc.
    It can be slightly more difficult  if, like many organisations, you decide to assign a control with a infinite validity period (i.e. 12.12.9999).
    The Business and Internal Control team need to be very proactive about regularly monitoring the controls and reviewing the assignments. This is one reason why I strongly recommend that controls are only assigned for a set period (i.e. 365 days/1 year), so a compulsory review takes place by the control owners/business on a regular basis. This makes the controls much more affective, robust and fit for purpose.
    Happy to hear other's opinions and ideas.

  • CC: Entering Mitigation Controls

    Hi ,
    I am entering mitigation controls in CC and am noticing 2 issues
    1) I cannot blanket mitigate a selection of users. Blanket mitigation only seems to apply if I want to mitigate all users. Is there any way to add 10 select users to a mitigation control by selecting the 10 users, rather than having to specify risk, validity dates etc. for all 10?
    2) I have noticed in SAP documentation that * should be entered after the risk ID e,g, P005*. Why should this be entered. This does not default when setting up the mitigation control and if I forget to do it, I have to delete the mitigation entry for the user and recreate. Can anybody advise why * must be entered and if there is a way to default *
    Thanks,
    Gary

    Gary,
    1)  No there is no way to select 10 individual users without creating a line item for each one.  Unless they all get the access from the same Role.  If that was the case you could just create the mitigating control for that role and anyone that would have the conflict via that Role would not appear in your risk reports.
    2)  The reason you have to enter * in the mitigating controls is so that all risk ID's are mitigated by your rule.  For example short risk ID P033 is made up of multiple long risk ID's based on each transactional combination i.e. P03300101 for ME21,ME51, P03300201 for ME21N,ME51, P03300301 for ME22,ME51, P03300401 for ME22N,ME51.
    So to cover all possible transaction combinations with a mitigating control you need to enter it for P033*.  This would also allow you to enter a mitigating control for only long risk id P03300101 it your mitigating control only covered users with access to ME21 and ME51.
    Hope that helps.
    Matt.

  • Mitigating Controls got Inactivated

    Friends,
    we got some mitigating controls popped up in controls library option under management view, but those are actually active and i suspect this is happening because of not mentioning valid to date when they are created and mitigating controls gets expired after 365 days(as per our setting).
    Is there any way that these can be reactivated or do we need to delete and re-create them.
    Thanks for the help in advance.

    Hi Srinu,
    Mitigation controls will never get inactivated. It is the users who will be out of the mitigation controls after 1 year (default mitigation period).
    However, if you are referring to the Active and Inactive controls in the management view under the control library, the Inactive controls are the one which are untouched from a long time. If you mitigate another user, it will be automatically added in the active control list.
    Hope this helps!!
    Regards,
    Raghu

  • Risks has been removed but Mitigating Control still stays with the users?

    Hi all,
        I have a situation where after a risk has been removed from the users by removing the violating roles, however the Mitigating Control still remains tagged to the same user. Is there any efficient way of removing Mitigating Controls from users where the risks no longer exists?

    Hi Joseph, thanks for the info. My problem comes in when the user request to have the violating role removed via CUP and it so happens that the Mitigating Control assigned for the old risk still has 6 more months of validity left. It seem like there is no mechanism to auto remove this MC when the role has been removed after the request in CUP have been approved and auto-provision.
    My problem is that there might be many more of such users with redundant MC assigned to them in RAR. I can't find a way to search for such redundant MCs for cleanup. There is a possibility that when the same roles are assigned back to the users via request in CUP, these redundant MC if applicable will cause the Risk Analysis via CUP to not flag out any SoD issue.

  • Itunes needs help finding a 1/3 of my music library. is there an easier way

    this is my 3rd post to this question with no responses as of yet. please help
    "a couple of weeks ago i decided i needed to move my itunes folder to an external hd to save space on my macbook. everything was smooth except for itunes not being able to find a quarter of my music and me having to locate the songs one by one. i bought an iphone yesterday and decided my life would be much easier to move the music back to the computer and make room by moving other things off the macbook. i was also thinking this may remedy the missing file problem. nope. i know how to find the songs and they're in the right place, just wondering if there is an easier way then locating 3000+ songs individually? not sure whats going on. thanks "

    Again many thanks. I have tried to tidy up the folders as per your idiot guide- which term is appropriate for me
    Under iTunes Media though I do not have  folders for Books,iPod Games, Mobile Applications, Movies, TV Shows so I only have  Auto Add to iTunes, Music, Downloads and Podcasts - My question here is is this OK.
    Next - Library files that you mention are there but do not end .itdb
    Next  - in the main iTunes folder followingon from Artwork and Media folders  there is some other  iTunes database stuff like Library Extras, Library Genius, Library and Music Library(xml) all dated 10/02/12 plus MimiPlayer .dll dated 21/02/14 and Set Up Short Cut dated22/03/14  
    AND there is also a Programme Files folder with a sub folder holding file folders called CD Configuration,iTunes Resources, iTunes Help Resources, iTunes Mini Player Resources and Mozilla Plugins all dated 24/03/14 ( when I downloaded the new iTunes) and then a lot of application extension stuff from 2011
    To recap I unistalled the old 32 bit iTunes and installed the new 11.1.5 (64 bit) version over the weekend  SO is any of the old stuff listed above required.
    Outcome right now is that as previously I can only call up the Downloaded music not Podcats or CD copies.
    Regards
    David Pugh

  • Workaround for non-SAP mitigating control reminders

    Dear all,
    Our business users would like to document mitigating controls in RAR 5.3 regardless of whether they are connected with an SAP report. They would also like to receive email reminders for those controls.
    Unfortunately, the frequency of the control can only be defined per connected SAP report and reminders will only be sent for controls if the SAP report has not been executed.
    Have you been exposed with a similar requirement? It seems like a natural thing to ask from a business perspective. RAR 5.3, however, is not designed in that way.
    Have you come up with any feasible workarounds for this?
    My current approach would be to create a dummy Z-report per SAP system (such as Z_MANUAL_MITCTRL) that control monitors have to call once to confirm the execution of their control.
    Cheers and best regards
    Patrick

    Hello,
    Regarding your question, in fact this is dependant on how your UME (User Management Engine) is configured on your WAS (Web Application Server). If the UME is connected to your R/3 back-end then the user need to have a R/3 account to connect to CC, otherwise if your UME is "independant" then you just need to create an account in the UME.
    Regards,
    Jérôme.

  • Any Easy Way to pass initial parameters to a VI created with New VI?

    In LabVIEW 2010 I can use OpenG's New VI function to create and launch a VI that is built from a template.
    Is there any easy way to pass initial parameters from the VI that creates the New VI to the New VI that will be available as soon as the New VI starts?

    Check out the Control Value Set invoke node. I personally don't like this node, and tst has got a great suggestion to promote cleaner, less fragile syntax for launching VI's dynamically that require input parameters.
    a.lia-user-name-link[href="/t5/user/viewprofilepage/user-id/88938"] {color: black;} a.lia-user-name-link[href="/t5/user/viewprofilepage/user-id/88938"]:after {content: '';} .jrd-sig {height: 80px; overflow: visible;} .jrd-sig-deploy {float:left; opacity:0.2;} .jrd-sig-img {float:right; opacity:0.2;} .jrd-sig-img:hover {opacity:0.8;} .jrd-sig-deploy:hover {opacity:0.8;}

Maybe you are looking for