Control Types and Categories

Identity Governance

Identity Governance controls are intended to mitigate the risk of inappropriate user accounts having the ability to access systems. Identity governance controls regulate the exchange of identity and role information between application systems, both internally and externally. These controls are paramount in governing the who, what, when, where, why and how of access to systems and the data contained therein. Joiners, Movers and Leavers are also managed with identity governance controls.

The following Identity Governance related controls are organized by Platform.

The following are links to more detailed pages:

All

Showing 28 controls:
| Control Title | Control Type | Risk Rating |
|---|---|---|
| Access Request lifecycle reports | Identity Governance | Medium |
| Access requests about to expire in certain time period | Identity Governance | Medium |
| Authentication – Inactive users should not log in to SSM | Identity Governance | High |
| Authorization – High Privileged Access in SSM | Identity Governance, Least Privilege | High |
| History of all roles assigned to an SSM User over the user lifetime. | Identity Governance | Low |
| History of all SSM page views by a user over the user lifetime. | Identity Governance | Low |
| History of all user groups association with an SSM User over the user lifetime. | Identity Governance | Low |
| History of user creation and update through SSM Web UI | Identity Governance | Low |
| Monitor “Active” users with duplicate accounts in SSM | Identity Governance, IT General Controls | Medium |
| Monitor “Active” users with “Inactive” Managers | Identity Governance | Medium |
| Monitor “Active” users with “Incorrect” Managers | Identity Governance | Medium |
| Monitor certifications launched for users during movers event | Identity Governance | Medium |
| Monitor “Dormant” accounts | Identity Governance | Medium |
| Monitor inactive users with active accounts | Identity Governance | High |
| Monitor missing role owners | Identity Governance, IT General Controls | High |
| Monitor new/total “Active” users with invalid or missing information such as email address. | Identity Governance | Low |
| Monitor Orphan Accounts | Identity Governance | High |
| Monitor SSM users (new/total) created in SSM | Identity Governance | Low |
| Monitor SSM users (new/total) moved in SSM | Identity Governance | Low |
| Monitor SSM users (new/total) terminated in SSM | Identity Governance | Low |
| Monitor users who have been provided with a birthright access | Identity Governance | Medium |
| Out of Band – Inactivation of Accounts – Directly deactivating accounts in an application without using SAM to control | Identity Governance, IT General Controls | High |
| Out of Band – Request vs Actual – Directly modifying access in an application without using SAM to control | Identity Governance, IT General Controls | High |
| Out of Band – Rogue Accounts – Directly creating accounts in an application without using SAM to control | Identity Governance, IT General Controls | High |
| Revoke user access for a user after HR termination event | Identity Governance | High |
| Role and Entitlements Management | Identity Governance, IT General Controls, Least Privilege | High |
| SAV Role Management – Versioning and history of role definition | Identity Governance | Low |
| Threshold on number of users that can be terminated during Data Import through connectors in SSM | Identity Governance | Medium |

AWS

Showing 5 controls:
| Control Title | Control Type | Risk Rating |
|---|---|---|
| AWS IAM users deprovisioning | Identity Governance | High |
| High privileged Users with non-rotated creds | Identity Governance | Medium |
| IAM users with delete rights on CF templates | Identity Governance | High |
| Inactive AWS IAM Users | Identity Governance | Medium |
| Terminated users with an AWS Identity and Access Management (IAM) user account | Identity Governance, IT General Controls | High |

GApps

Showing 3 controls:
| Control Title | Control Type | Risk Rating |
|---|---|---|
| GApps – External users with access to Files | Identity Governance | Medium |
| GApps – External users with access to GApps Folders | Identity Governance | Medium |
| GApps – Top 5 external users with access to files | Identity Governance | Medium |

GCP

Showing 5 controls:
| Control Title | Control Type | Risk Rating |
|---|---|---|
| Detects accounts of type NULL | Cloud Controls, Identity Governance | Low |
| Detects all active accounts without any entitlement association | Cloud Controls, Identity Governance | Low |
| Detects orphan accounts | Identity Governance | Medium |
| Detects active accounts not logged in last 45 days | Cloud Controls, Identity Governance | Medium |
| Ensure that corporate login credentials are used instead of Gmail accounts | Cloud Controls, Identity Governance | Medium |

GitHub

Showing 6 controls:
| Control Title | Control Type | Risk Rating |
|---|---|---|
| Organizations with no members | Cloud Controls, Identity Governance | Medium |
| Repositories with no members | Cloud Controls, Identity Governance | Medium |
| Teams with full access on Organizations | Identity Governance | High |
| Teams with full access on Repositories | Identity Governance | Medium |
| Users with full access on Organizations | Identity Governance | High |
| Users with full access on repositories | Identity Governance | High |

JD Edwards

Showing 6 controls:
| Control Title | Control Type | Risk Rating |
|---|---|---|
| Count of Applications (programs and reports) by User | Identity Governance | Medium |
| JDE – Govern Access to Critical Roles | Identity Governance, IT General Controls, Least Privilege | High |
| Monitor accounts with access to dev, test and production environments | Identity Governance | High |
| Monitor employees with more than one user account | Identity Governance | High |
| Monitor generic user accounts – IDs not associated with an active employee | Identity Governance | High |
| Monitor unlocked accounts associated with terminated users | Identity Governance, IT General Controls | High |

MS Dynamics GP

Showing 1 control:
| Control Title | Control Type | Risk Rating |
|---|---|---|
| MS Dynamics GP – Govern Access to Critical Roles | Identity Governance, IT General Controls, Least Privilege | High |

Office 365

Showing 10 controls:
| Control Title | Control Type | Risk Rating |
|---|---|---|
| List of external users having access to document libraries with unique permissions in internal sites | Cloud Controls, Identity Governance | High |
| List of external users having access to SharePoint Sites | Cloud Controls, Identity Governance | High |
| List of Orphaned Permissions on SharePoint Sites | Cloud Controls, Identity Governance | High |
| SharePoint External users list | Cloud Controls, Identity Governance | Low |
| Sites with Orphaned External Users | Cloud Controls, Identity Governance | Low |
| Terminated users with O365 licenses | Cloud Controls, Identity Governance | Low |
| Total Accounts in Office365 | Cloud Controls, Identity Governance | Low |
| Total Active Accounts in Office365 | Cloud Controls, Identity Governance | Low |
| Total Inactive accounts | Identity Governance | Low |
| Total Orphan Accounts in O365 | Cloud Controls, Identity Governance | Low |

Oracle EBS

Showing 10 controls:
| Control Title | Control Type | Risk Rating |
|---|---|---|
| Count of Functions by User | Identity Governance | Medium |
| Count of Responsibilities by User | Identity Governance | Medium |
| Database accounts have appropriate access | Identity Governance | High |
| Monitor accounts with no logins and no password changes | Identity Governance | Medium |
| Monitor all user accounts that have created other User IDs | Identity Governance | Medium |
| Monitor employees with more than one user account | Identity Governance | High |
| Monitor unlocked stale accounts with no activity for more than 3 months | Identity Governance | Medium |
| Monitor users with future end-dated responsibilities | Identity Governance | Medium |
| Monitor users with future end dates | Identity Governance | Medium |
| Oracle EBS – Govern Access to Critical Roles | Identity Governance, IT General Controls, Least Privilege | High |

Oracle ERP Cloud

Showing 1 control:
| Control Title | Control Type | Risk Rating |
|---|---|---|
| Oracle ERP Cloud – Govern Access to Critical Roles | Identity Governance, IT General Controls, Least Privilege | High |

PeopleSoft

Showing 6 controls:
| Control Title | Control Type | Risk Rating |
|---|---|---|
| Count of Permission Lists by User | Identity Governance | Medium |
| Monitor employees with more than one user account | Identity Governance | High |
| Monitor generic user accounts – IDs not associated with an active employee | Identity Governance | High |
| Monitor unlocked accounts associated with terminated users | Identity Governance, IT General Controls | High |
| Monitor unlocked stale accounts with no activity for more than 3 months | Identity Governance | Medium |
| PeopleSoft – Govern Access to Critical Roles | Identity Governance, IT General Controls, Least Privilege | High |

SalesForce

Showing 10 controls:
| Control Title | Control Type | Risk Rating |
|---|---|---|
| External users with Write access to object records | Identity Governance | High |
| Groups with access to Object records | Identity Governance | Medium |
| Groups with no users | Identity Governance | Low |
| Manual Sharing of object records to External Users | Identity Governance | High |
| Permission Set Usage | Identity Governance | Low |
| Profile Usage | Identity Governance | Low |
| SalesForce – Govern Access to Critical Roles | Identity Governance, IT General Controls, Least Privilege | High |
| Users with high risk permissions | Identity Governance, Least Privilege | High |
| Users with Modify All Data Permissions | Identity Governance | High |
| Users with View All Data Permissions | Identity Governance | Low |

SAP

Showing 2 controls:
| Control Title | Control Type | Risk Rating |
|---|---|---|
| Monitor users locked for more than 6 months and not deleted | Identity Governance | Medium |
| SAP – Govern Access to Critical Roles | Identity Governance, IT General Controls, Least Privilege | High |

SAP HANA

Showing 2 controls:
| Control Title | Control Type | Risk Rating |
|---|---|---|
| Monitor locked users for more than 6 months that are not deleted | Identity Governance | High |
| Review read only roles with write/execute/change access | Identity Governance | High |

Workday

Showing 1 control:
| Control Title | Control Type | Risk Rating |
|---|---|---|
| Workday – Govern Access to Critical Roles | Identity Governance, IT General Controls, Least Privilege | High |