System Center: Ensure that access to applications and data is properly managed.
Home<ObjectTemplate ID="SYSCTR_MCA_00012" TypeID="GRCControl!System.Compliance.ManualControlActivityProjection">
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/ExternalName$">$MPElement[Name='GRC!System.Compliance.SourceNameEnum.MicrosoftCorporation']$</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/ExternalId$">SYSCTR_MCA_00012</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/ExternalVersion$">1</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/Type$">$MPElement[Name='GRCControl!System.Compliance.ControlActivity.TypeEnum.Preventive']$</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/Title$">Maintain an Access Management Process</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/DisplayName$">SYSCTR_MCA_00012 Maintain an Access Management Process</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/Description$">System Center: Ensure that access to applications and data is properly managed.</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/ImplementationMethod$">This control requires your organization to ensure that the authorized personnel have access to the appropriate information. Use System Center Service Manager Roles to define role-level access to programs, workflow, and other information. Also, use Active Directory Account Management to implement role-based access. Document your organization's established process in the following "Procedure Steps" section, and then manually assert whether this process is being followed within the organization for assets within the GRC program scope.
Procedure Steps
Replace the content in this field with a high-level summary of the procedure your organization executes for this control.</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/AdditionalGuidance$">For more information, see:
www.microsoft.com/systemcenter/en/us/service-manager.aspx</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/TestSummary$">Manual Assertion
Manually assert whether this procedure has been performed for all assets within the GRC program scope.
Manual assertions should be recorded at a frequency that is commensurate with audit sample sizes and frequencies, which can vary according to GRC authority document requirements and your organization's audit schedule. Determine what personnel will make the manual assertion by asking the GRC program manager. Typically, this assertion will be made by an analyst who observes an IT professional that enacts the process.
Record the compliance state as an assertion within the GRC program with one of the following states: compliant, noncompliant, error, or unknown.
Manual Assertion Steps:
1. Open the Service Manager Console.
2. Click the Compliance and Risk Items Workspace.
3. Expand the Control Management folder, then the Control Activities folders and select the All Control Activities View.
4. In the Control Activities View, select control activities that you want to add a result to and in the Task pane select Edit Control Activity. Service Manager Console launches the Control Activity form with the selected control activity.
5. In the Control Activity form, in the Task pane, select the Add Result Console task. Service Manager Console launches the Select Template dialog.
6. Select one of the templates for the results (Compliant, Non-Compliant, Unknown or Error), which opens the Result form with the result set to the control activity template name (for example, Compliant means Result = Compliant, and so on). The Owner field is populated with the current user name.
7. Select one of the programs from the Program section before Results (OK button is enabled).
8. Save the results by clicking OK in the dialog. Service Manager Console creates a Number of Managed Entity Results per Configuration Item in Scope for the selected programs. Service Manager Console closes the Add Result dialog. Service Manager Console creates a relationship between the control activity and Managed Entity Result in the CMDB. The Control Activity form remains open and displays the updated control activity in the form.
</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/TestId$">N/A</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/TestName$">N/A</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/SupportedControlObjectives$">GRC_MCO_00007</Property>
</ObjectTemplate>