Closed Loop Remediation in Identity Management and Governance

Closed-loop remediation is a term used in Identity Management and Governance for revoking the access privileges of a user that were identified for revocation during a Certification process. Ideally, the Closed-loop remediation feature should directly revoke roles and entitlements from the Provisioning Tool after the Certification process or campaign has flagged those entitlements of a user for revocation.

For example, in Oracle Identity Manager (OIM), when a certification is complete and all primary review tasks have been signed off, Oracle Identity Manager attempts to remove every user and privilege for which the final decision was to revoke. Requests are created to de-assign any role-assignment that is revoked, to de-provision any account that is revoked, to remove any entitlement-assignment that is revoked, and to delete or disable any user that is revoked. 
Note: for non-managed applications, you may have to manually revoke roles and entitlements.
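The flow described above, sketched as an added example (not Oracle Identity Manager code or its API): revoke decisions from a fully signed-off certification become remediation requests, and non-managed applications are routed to manual tasks. The request names, the `Decision` fields, the choice of disable for a revoked user, and the `open_findings` follow-up check are assumptions made for illustration.

```python
from dataclasses import dataclass

# Hypothetical request names, one per revoked item kind listed above.
REQUEST_FOR = {
    "role": "DEASSIGN_ROLE",
    "account": "DEPROVISION_ACCOUNT",
    "entitlement": "REMOVE_ENTITLEMENT",
    "user": "DISABLE_USER",
}

@dataclass(frozen=True)
class Decision:
    user: str
    kind: str          # role | account | entitlement | user
    target: str        # role name, account name, entitlement, or user id
    app: str
    final: str         # "certify" or "revoke"
    signed_off: bool

def remediate(decisions, managed_apps):
    """Return (automated_requests, manual_tasks) for a completed certification."""
    # Nothing is revoked until every primary review task has been signed off.
    if not all(d.signed_off for d in decisions):
        raise ValueError("certification not complete: unsigned review tasks")
    automated, manual = [], []
    for d in decisions:
        if d.final != "revoke":
            continue
        if d.kind not in REQUEST_FOR:
            raise ValueError(f"unknown item kind: {d.kind}")
        request = (REQUEST_FOR[d.kind], d.user, d.target, d.app)
        # Non-managed applications are outside the provisioning tool's reach,
        # so their revocations are tracked as manual tasks instead.
        (automated if d.app in managed_apps else manual).append(request)
    return automated, manual

def open_findings(decisions, current_access):
    """Revoke decisions whose access still exists, i.e. the loop is not closed."""
    return [d for d in decisions if d.final == "revoke"
            and (d.user, d.kind, d.target, d.app) in current_access]

# Constructed sample data for illustration.
SAMPLE = [
    Decision("jdoe", "role", "AP_Approver", "ERP", "revoke", True),
    Decision("jdoe", "entitlement", "db_owner", "LegacyHR", "revoke", True),
    Decision("asmith", "account", "asmith", "ERP", "certify", True),
]

if __name__ == "__main__":
    print(remediate(SAMPLE, managed_apps={"ERP"}))
```

Running `open_findings` against a fresh access snapshot after remediation lists any revoke decision that was never carried out, which is where manually handled applications tend to show up.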

The key point is that Closed-loop remediation is an automated task that remediates the finding from the originating system. Without it, the follow-up task of remediating the findings has to be done via a different business process. Closed-loop remediation effectively closes the loop on the originating system.

Closed-loop remediation reduces compliance risk by helping automate remediation tasks.
Oracle Identity Governance (OIG) and SailPoint both support the Closed-loop remediation feature.
