Mitigated Profiles

Prerequisites

You must first define a mitigating control before you can assign it to a profile to mitigate an access risk.

Assigning a Mitigating Control to a Profile

1. Choose Access Management  Mitigated Access  Mitigated Profiles.

   The Mitigated Profiles screen shows a list of existing profiles to which mitigating controls have been assigned.

2. Choose Assign.

   The Profile Mitigation screen appears.

3. Enter information in the required fields, which are marked with an asterisk (*),

   • Access Risk ID – Select the field to enter the access risk ID.

   • Control ID – Select the field to enter the control ID you want to add.

   • Monitor – This field is automatically populated with system data after you choose the control ID.

   • Valid From – This is the start of the period for the mitigating control.

   • Valid To – This is the end of the period for the mitigating control.

   • Status – Choose Active or Inactive from the dropdown list.

4. Choose Add to associate a system to the mitigating control.

5. Choose Add to associate a role to the mitigating control.

6. Choose Submit  Close.

   The mitigating control you assigned is included in the list on the Mitigated Profiles screen.

Deleting a Mitigating Control from a Profile

1. Choose Access Management  Mitigated Access  Mitigated Profiles.

   The Mitigated Profiles screen shows a list of existing profiles to which mitigating controls have been assigned.

2. Select the profile you want to delete and choose Delete. Confirm your decision to delete this mitigating control.

3. Choose Yes.

   The mitigating control you deleted is removed from the Mitigated Profiles screen.