Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Mitigating Controls

Former Member

on ‎2008 Feb 19 8:39 AM

0 Likes
154

Hi,

We are in the midst of uploading the rules into production. Does anyone here know if there is a specific file required to upload mitigating controls into production or these controls have to be tied to the risk ids manually in production?

Thanks.

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
View Entire Topic
Former Member
‎2008 Feb 20 6:02 PM
0 Likes

Chee,

If you are working on CC5.2, then you have to create mitigation controls manually in Production box.

Thanks

Himadama

Show replies
Show replies
Former Member
‎2008 Feb 27 7:42 AM
0 Likes

Hi Chee,

You can upload all mitigating controls by executing scripts at database level to minimize the manual work. Please refer below scripts to define risk/user in mitigating control,

1. Insert Risk "F001" into Mitigating Control "MC01"

INSERT INTO SAPSR3DB.VIRSA_CC_MITRISK (MITREFNO,RISKID) VALUES ('MC01', 'F001*');

2. Insert User "ABCD" in mitigating control "MC01"

INSERT INTO SAPSR3DB.VIRSA_CC_MITUSER (MITREFNO,RISKID,USERID,VALIDFROM,VALIDTO,MONITORID,STATUS) VALUES ('MC01', 'F001*', 'ABCD', '11-DEC-2007', '10-DEC-2008', 'XYZ', '0');

Following are the tables for mitigating controls in CC 5.2,

VIRSA_CC_MITHROBJ

VIRSA_CC_MITMON

VIRSA_CC_MITPROF

VIRSA_CC_MITREF

VIRSA_CC_MITREFT

VIRSA_CC_MITRISK

VIRSA_CC_MITROLE

VIRSA_CC_MITRPT

VIRSA_CC_MITUSER

VIRSA_CC_MITUSRORG

VIRSA_CC_MONAPV

Regards,

Vishal S. Palaskar

achristian17
Participant
‎2008 Feb 28 1:30 AM
0 Likes

Hi I totally agree with Himadama you need to do this manually. I've recently come across with this case and Vishal's idea seems to be good but still he's missing one more table which is VIRSA_CC_DETDESC where the mitigation's detail description is stored. If your mitigation description is one line there wouldn't be any issue but if it's more than a line then definitly you may need to load in to the a/m table.

Better load few and cross check nothing is missed out, though this is not advisable as per best practice.

Regards,

Asok

Ask a Question