Control Types and Categories

IT General Controls

IT General Controls, AKA “ITGC” are basic controls that can be applied to all IT systems such as applications, operating systems, databases, and supporting IT infrastructure. Some ITGC controls have been provided their own section on this exchange for the purposes of further highlighting their significance in the controls exchange.

The following Identity Governance related controls are organized by Platform. You can also “Jump To” Control Types and Categories by clicking on the link located at the right of this screen.

The following are links to more detailed pages:

All

Showing 21 controls:
Control TitleControl TypeRisk Rating
Access requests pending with “Inactive” Approvers IT General Controls Low
Certification audit history: List all the details/tasks of a completed certification IT General Controls High
Certification progress history IT General Controls Low
Certifications with errors IT General Controls Low
Entitlements added or removed IT General Controls Medium
Monitor access requests in SSM IT General Controls High
Monitor “Active” users with duplicate accounts in SSM Identity Governance, IT General Controls Medium
Monitor all users and their access for whom the Certification is expired IT General Controls Low
Monitor Inactive Certifiers IT General Controls Medium
Monitor missing managers for users in Certification scope IT General Controls Medium
Monitor missing role owners Identity Governance, IT General Controls High
Monitor pending access review for users marked “Does not work for me” IT General Controls Medium
Monitor pending certifications IT General Controls Medium
Monitor pending tasks – for “Locked” certifications IT General Controls Medium
Out of Band – Inactivation of Accounts – Directly deactivating accounts in an application without using SAM to control Identity Governance, IT General Controls High
Out of Band – Request vs Actual – Directly modifying access in an application without using SAM to control Identity Governance, IT General Controls High
Out of Band – Rouge Accounts – Directly creating accounts in an application without using SAM to control Identity Governance, IT General Controls High
Pending tasks – for any type of access request IT General Controls Medium
Pending tasks – from data recon IT General Controls Medium
Revoke all access if Certification is expired IT General Controls High
Role and Entitlements Management Identity Governance, IT General Controls, Least Privilege High

AWS

Showing 2 controls:
Control TitleControl TypeRisk Rating
Terminated users with an AWS high privileged user account Cloud Controls, IT General Controls High
Terminated users with an AWS Identity and Access Management (IAM) user account Identity Governance, IT General Controls High

JD Edwards

Showing 4 controls:
Control TitleControl TypeRisk Rating
JDE – Govern Access to Critical Roles Identity Governance, IT General Controls, Least Privilege High
Limit access that create Segregation of Duties risk IT General Controls, Least Privilege High
Monitor all user accounts that have created other User IDs IT General Controls Medium
Monitor unlocked accounts associated with terminated users Identity Governance, IT General Controls High

MS Dynamics GP

Showing 1 control:
Control TitleControl TypeRisk Rating
MD Dynamics GP – Govern Access to Critical Roles Identity Governance, IT General Controls, Least Privilege High

Oracle EBS

Showing 21 controls:
Control TitleControl TypeRisk Rating
Brute force attack on the app/DB IT General Controls High
Count of Functions by Responsibility IT General Controls Medium
Logging of unsuccessful login attempts IT General Controls High
Monitor access of Oracle Forms for under utilization IT General Controls Medium
Monitor active Responsibilities with menu and function exclusions IT General Controls Low
Monitor all delivered accounts, generic accounts and super user accounts with recent password changes IT General Controls High
Monitor Audit SYS operations being turned off IT General Controls High
Monitor Audit Trail being turned off IT General Controls High
Monitor authentication configuration updates to the database IT General Controls High
Monitor Database audit being turned off IT General Controls High
Monitor direct database logins to EBS schema database accounts IT General Controls High
Monitor generic user accounts – IDs not associated with an active employee IT General Controls High
Monitor new database accounts created IT General Controls High
Monitor non end-dated Responsibilities not assigned to any user accounts IT General Controls Low
Monitor Page Access Tracking being turned off IT General Controls High
Monitor Sign-On Audit being turned off IT General Controls High
Monitor unlocked or non end-dated accounts associated with terminated users IT General Controls High
Monitor updates to AOL tables under Audit Trail IT General Controls High
Monitor User SYSADMIN logins IT General Controls High
Oracle EBS – Govern Access to Critical Roles Identity Governance, IT General Controls, Least Privilege High
Restrict DB accounts with no corresponding application account IT General Controls High

Oracle ERP Cloud

Showing 1 control:
Control TitleControl TypeRisk Rating
Oracle ERP Cloud – Govern Access to Critical Roles Identity Governance, IT General Controls, Least Privilege High

PeopleSoft

Showing 5 controls:
Control TitleControl TypeRisk Rating
Logging of unsuccessful login attempts IT General Controls High
Monitor all user accounts that have created other User IDs IT General Controls Medium
Monitor objects in PeopleSoft to ensure they are controlled by an object group IT General Controls
Monitor unlocked accounts associated with terminated users Identity Governance, IT General Controls High
PeopleSoft – Govern Access to Critical Roles Identity Governance, IT General Controls, Least Privilege High

SalesForce

Showing 1 control:
Control TitleControl TypeRisk Rating
SalesForce – Govern Access to Critical Roles Identity Governance, IT General Controls, Least Privilege High

Workday

Showing 1 control:
Control TitleControl TypeRisk Rating
Workday – Govern Access to Critical Roles Identity Governance, IT General Controls, Least Privilege High