cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC10 - Rule Regenerations can change Rule ID (which is no longer assigned to an existing Mitigating Control)

JaneLa
Participant

on ‎02-05-2016 4:43 PM

0 Kudos

Our application has GRC 10 SP21 installed.  We consistently have had problems with Mitigating Controls (which we maintain in Production) due to rule generations.  When updated Functions and Risks are transported from Dev > QA > Prod, the rules have to be generated in each instance.  Every time a regeneration is executed, the Rule IDs can and often change.  This new Rule ID is is not connected to the MC so I have to add the NEW Rule ID and the Role to the existing MC.   I have had to do this countless time and it is extremely time consuming.

​Has anyone encountered this situation before and know if there us a fix for this?​​

I'd appreciate any suggestions you could provide; thank you very much.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎02-05-2016 6:04 PM
0 Kudos

Hello,

As per my understanding, we do not keep rule IDs same in DEV-QA-PROD. MC will be created in PROD with existing rule ID. When we generate the function/rule in PROD itself then rule ID will not be changed. However you can assign MC of respective risk ID initially in DEV and study the behavior of MC's. After assuring all is fine, same need to be replicated in PROD followed by respective risk/function generation against valid connector/connector group.

Hope this clears the issue.

Thanks,

Sachin

Show replies
Show replies
former_member239021
Explorer
‎02-05-2016 4:49 PM
0 Kudos

Hi Novella,

Instead of mitigating specific rule id of risk you can keep it as * as risk will get mitigated and next time once you generate rules there is no need to add new rule id and mitigate it.

Regards,

Rakesh Kirve

Show replies
Show replies
JaneLa
Participant
‎02-05-2016 4:55 PM
0 Kudos

Hi, Rakesh.  Thank you for your reply; however, we have been unable to mitigate at the Risk ID level because some of the mitigations are different by Rule ID.

Jane

former_member239021
Explorer
‎02-05-2016 5:06 PM
0 Kudos

Hi Novella,

You can add the risk id in mitigation control and while mitigating the risk keep rule id as * and then mitigate the risk.

Regards,

Rakesh Kirve

JaneLa
Participant
‎02-05-2016 5:57 PM
0 Kudos

Hi, Rakesh.  Unfortunately we've not been able to mitigate at the Risk ID level with Rule ID = * for the following reasons:

  1. Not all of the conflicts (Rule IDs) within the same Risk ID should be mitigated (because they are true unresolved conflicts).  So, if I mitigated at the Risk ID level, I would be mitigating conflicts that should not be mitigated at this time..
  2. Not all of the Rule IDs within 1 Risk ID have the same mitigation.

So, I'm stuck.

Thanks, Jane

Former Member
‎02-05-2016 6:50 PM
0 Kudos

Hello,

I have illustrated to Mitigate one set of T-code . I have assumed function Id is not being shared with other risk ID if it does then Z risks will be created as equal to no of shares respectively.

former_member239021
Explorer
‎02-05-2016 6:56 PM
0 Kudos

Hi,

Mitigation controls created in your scenario are specific to rule ids but if you create mitigation control as per risk I'd it will be more helpful.
Because the rule ids whatever get generate points to the same risk so even the rules ids are different user will be having same risk.

Approach you have used will get restricted as per rule is generated for risk. everytime u do changes in risk new rule ids will be generating for that u will have to create new mitignt controls or existing mitigation controls have to be modified.

Regards,
Rakesh Kirve

former_member239021
Explorer
‎02-05-2016 7:21 PM
0 Kudos

While creating mitigation control keep rule I'd as * for risk
Regards,
Rakesh Kirve

Ask a Question