The CA ControlMinder Segregation of Duties report displays the user accounts that violate a segregation of duties policy such as users cannot be members of both the administrators and auditors user groups. The report provides a summary pie chart the compares the number of users that comply and do not comply with the policy. The report also includes details about the user accounts that do not comply with the policy and the host ID.
All endpoints in all enterprise environments require maintenance by users that must have access to OS and application components. Commonly, the system administrator maintains the computer from the OS viewpoint, and an application administrator maintains the computer from an application viewpoint. For example, a Solaris system administrator may update entries in the UNIX host file while an Oracle DBA may maintain tables in the Oracle database.
The advantage of this model is that the system administrator is limited in the ability to compromise an application, and the application administrator is limited in the ability to compromise the OS. It is generally not a good practice to have a system administrator that is also an application administrator.
This report helps identify potential conflicts where users belong to two groups representing different roles. This group intersection detection and reporting is highly beneficial to satisfying one of the major audit points for ISO7799, SOX, PCI, HIPAA and the DoD.
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|