In the recent RSA Identity Governance and Lifecycle 7.1 release, you can now require a user to specify whether a mitigating control is in place when granting an exception to a Segregation of Duty (SOD) or User Access (UA) policy violation.
During a policy violation review, when granting an exception, the remediator can specify whether a mitigating control is in place. They can choose whether the control is:
- In-Place – there is a control that has been implemented
- Pending – there is a control defined and it is in the process of being implemented
- None – there are no controls in place or defined at this time
This feature complements New Feature: Customer Specific Business Justifications, which can also be selected when granting a policy exception.
The configuration for adding mitigating controls when granting exceptional access for policy violations can be found within the rule definition.
For more information on this feature, please check out this additional content.