Mitigated User for Organization Rules 
Prerequisites
You must first define a mitigating control before you can assign it to an organization to mitigate an access risk.
Assigning a Mitigating Control to an Organization Rule
Choose
Mitigated Access 
Mitigated User Organization Rule 
.The Mitigated User Organization Rule screen appears showing a list of existing organizations to which mitigating controls have been assigned.
Choose the Assign pushbutton.
The User Org Mitigation screen appears.
Enter information in the required fields.
(The required fields are marked with an asterisk (*).
Org. Rule ID — Select the field to enter the organization rule ID.
Access Risk ID — Select the field to enter the access risk ID.
Control ID — Enter the control ID.
Monitor — Automatically populated with system data after you choose the control ID.
Valid From — Start of the mitigating control period.
Valid To — End of the mitigating control period.
Status — Choose Active or Inactive from the dropdown list.
Choose the Add pushbutton to associate a system to the mitigating control.
Choose the Add pushbutton to associate a user to the mitigating control.
Choose
Submit Close .The mitigating control you assigned is included in the list on the Mitigated Users screen.
Deleting a Mitigated User Organization Rule
Choose
Mitigated Access Mitigated User Organization Rule .The Mitigated User Organization Rule screen appears showing a list of existing organizations to which mitigating controls have been assigned.
Select the user you want to delete and choose the Delete pushbutton.
A dialog box opens where you can confirm your decision to delete this mitigating control.
Choose the Yes pushbutton.
The mitigating control you deleted is removed from the Mitigated User Organization Rule screen.