Mitigating Risks 
On the Assign Mitigation Controls screen, you can assign mitigation controls to risks found during risk analysis and impact analysis.
The screen also allows you to mitigate risks for roles that are not part of the current request. For example, you are currently mitigating risks for John_Current_Request. You can also mitigate risk violations for John_Other_Request1 and John _Other_Request2. Choose the Add pushbutton to add and complete the procedure below for step 4.
Note
The Mitigate Risk feature is available on multiple screens in the application. In the procedure below, we describe one access point; your access point may be different. The information is applicable regardless of the access point.
Prerequisites
You have created mitigation controls. For more information, see Creating Mitigating Controls.
Procedure
On the Analyze Access Risk screen, under the Results section, select a risk violation or multiple violations, and then choose the Mitigate Risk pushbutton.
The Assign Mitigation Controls screen appears. The application uses the information from the risk violation, such as the Access Risk ID, and displays the relevant mitigating control.
To use the mitigating control suggested by the application:
Change the information in the relevant fields as needed, such as the validity dates, the Control ID, and so on.
Choose Submit.
To create a new control:
Choose Create Control and complete the tasks for creating a new control. For more information, see Creating Mitigating Controls.
Choose Add.
The application adds an empty line to the mitigation controls list.
Enter information in the relevant fields for the new control.
Choose Submit.
To assign mitigating controls for other roles or requests:
Choose Add.
The application adds an empty line to the mitigation controls list.
Enter information in the relevant fields for the new control.
Choose Submit.