Compliance Best Practices

CA IdentityMinder Integration Guide › Best Practices for Integration › Compliance Best Practices

Compliance Best Practices

With the recent addition of Policy Xpress in CA IdentityMinder, and now with the integration, you can set business compliance policies in different ways. When considering best practices, use the feature that allows for the greatest capabilities. We recommend the following:

If you do not use Smart Provisioning in your CA IdentityMinder Environment, you can set compliance policies for User Tasks as follows:
- New deployments: Use Policy Xpress
- Existing deployments: Use Preventative Identity Policies
If you are using Smart Provisioning in your CA IdentityMinder Environment, you can set compliance policies for User Tasks as follows:
- Resource-level Segregation of Duties (SOD): Use CA GovernanceMinder Business Policy Rules (BPRs)
- User attributes: Use Policy Xpress for new deployments, or Preventative Identity Policies for existing deployments.
- Role Memberships: Use BPRs, Policy Xpress, or Preventative Identity Policies depending on preference.

The following table outlines requirements and capabilities for each CA IdentityMinder compliance policy option:

Policy Option	Requires CA RCM and CA IdentityMinder?	Scope of policy checking	Checks compliance against unmanaged endpoints?
Preventative Identity Policies	No	Roles	No
Business Policy Rules (BPRs)	Yes	Roles and Resources	Yes
Policy Xpress	No	Roles	No