Use the Mitigated Profiles screen to assign mitigating controls to a profile.
You must first define a mitigating control before you can assign it to a profile to mitigate an access risk.
Choose
.The Mitigated Profiles screen appears showing a list of existing profiles to which mitigating controls have been assigned.
Choose the Assign pushbutton.
The Profile Mitigation screen appears.
Enter information in the required fields.
(The required fields are marked with an asterisk (*).
Access Risk ID — Select the field to enter the access risk ID.
Control ID — Select the field to enter the control ID you want to add.
Monitor — This field is automatically populated with system data after you choose the control ID.
Valid From — This is the start of the period for the mitigating control.
Valid To — This is the end of the period for the mitigating control.
Status — Choose Active or Inactive from the dropdown list.
Choose the Add pushbutton to associate a system to the mitigating control.
Choose the Add pushbutton to associate a role to the mitigating control.
Choose
.The mitigating control you assigned is included in the list on the Mitigated Profiles screen.
Choose
.The Mitigated Profiles screen appears showing a list of existing profiles to which mitigating controls have been assigned.
Select the profile you want to delete and choose the Delete pushbutton.
A window appears where you can confirm your decision to delete this mitigating control.
Choose the Yes pushbutton.
The mitigating control you deleted is removed from the Mitigated Profiles screen.