Improving the Ability to Meet Compliance Requirements and Reduce Security Exposure
Role Based Access Control provides the foundation for organizations to successfully implement security provisioning and ensure that Client employees and contractors have only that access which is required to perform their current job function(s). Implementation of RBAC will position Client to meet security and compliance challenges such as Sarbanes-Oxley, Gramm-Leach-Bliley, SAS70, internal requirements and more.
Overall, RBAC greatly improves the ability of an organization to meet compliance requirements and reduce security exposure.
This service will be provided through both on-site and remote support of the Client security environment. The thrust of the project will involve on-site consulting, working with Client staff to identify organizational roles and map existing mainframe security to new application function security profiles in the mainframe security environment.
The following stages are required for a successful completion of the project and are performed for each application to be converted to RBAC:
- Determine the minimum necessary profile configuration
New role profiles will be created and deployed to supplant existing access profiles.
- Establishment of new profile naming conventions
A naming convention for these new roles will be developed and implemented in this task.
The new role profiles will enact consistent access for users in a role.
Exception access will be tracked and reported by security reporting at the role profile level.
- Automation for reporting and transitioning
Security reporting will be used and/or developed as needed to report on old access that is still being used despite the addition of new role profiles.
- Create new role profiles
As role development proceeds, systematic deployment of new application function profiles will occur in a phased approach with verified contingency.
- Assign new roles to users
In this task, users will be connected to their new role profile.
- Role refinement
Refine each new role profile and gather exception information for later exception analysis.
- Remove existing legacy profiles
Existing legacy role profiles will be removed from each user.
- Ongoing Refinement
Continued monitoring and refinement occur as required during this task.
- Review administrative access
Review of process/procedure to ensure that appropriate changes are made to the new application function profiles.