Platform Specific Controls

All

The following are links to more detailed pages:

Identity Governance

Showing 28 controls:
Control TitleControl TypeRisk Rating
Access Request lifecycle reports Identity GovernanceMedium
Access requests about to expire in certain time period Identity GovernanceMedium
Authentication – Inactive users should not log-in to SSM Identity GovernanceHigh
Authorization – High Privileged Access in SSM Identity Governance, Least PrivilegeHigh
History of all roles assigned to a SSM User over the user lifetime. Identity GovernanceLow
History of all SSM page views by a user over the user lifetime. Identity GovernanceLow
History of all user groups association with a SSM User over the user lifetime. Identity GovernanceLow
History of user creation and updation through SSM Web UI Identity GovernanceLow
Monitor “Active” users with duplicate accounts in SSM Identity Governance, IT General ControlsMedium
Monitor “Active” users with “Inactive” Managers Identity GovernanceMedium
Monitor “Active” users with “Incorrect” Managers Identity GovernanceMedium
Monitor certifications launched for users during movers event Identity GovernanceMedium
Monitor “Dormant” accounts Identity GovernanceMedium
Monitor inactive users with active accounts Identity GovernanceHigh
Monitor missing role owners Identity Governance, IT General ControlsHigh
Monitor new/total “Active” users with invalid or missing information such as email address. Identity GovernanceLow
Monitor Orphan Accounts Identity GovernanceHigh
Monitor SSM users (new/total) created in SSM Identity GovernanceLow
Monitor SSM users (new/total) moved in SSM Identity GovernanceLow
Monitor SSM users (new/total) terminated in SSM Identity GovernanceLow
Monitor users who have been provided with a birth right access Identity GovernanceMedium
Out of Band – Inactivation of Accounts – Directly deactivating accounts in an application without using SAM to control Identity Governance, IT General ControlsHigh
Out of Band – Request vs Actual – Directly modifying access in an application without using SAM to control Identity Governance, IT General ControlsHigh
Out of Band – Rouge Accounts – Directly creating accounts in an application without using SAM to control Identity Governance, IT General ControlsHigh
Revoke user access for a user after HR termination event Identity GovernanceHigh
Role and Entitlements Management Identity Governance, IT General Controls, Least PrivilegeHigh
SAV Role Management – Versioning and history of role definition Identity GovernanceLow
Threshold on number of users that can be terminated during Data Import through connectors in SSM Identity GovernanceMedium