Managing Certification Decision Conflicts

Multiple Rule Owners can disagree about the certification decision for a rule. For example, one Rule Owner wants to certify their network objects in the rule and another Rule Owner wants to decertify their network objects in the same rule.

The Rule Lifecycle Management App (RLM) identifies these rules, marks them with the Conflict status, and automatically adds the Default Owner Group to the rule. This group of administrative users is responsible for mediating tickets for which Rule Owners disagree about the certification decision.

While a rule has the status Conflict, any Rule Owner can submit a new decision which overrides the previous one.

Options for Resolving a Conflict

Rules with Conflict status can be resolved as follows:

  • Come to consensus: All Rule Owners, including the Default Owner Group, reach a consensus and submit new decisions that agree. They can all do this from the Pending page.

  • Modify the rule

    Once a rule has been successfully modified, SecureTrack must receive a revision. Either manually initiate a new revision search from SecureTrack, or wait for the revision to be pulled according to the cycle configured in SecureTrack. After SecureTrack receives the revision, the Default Owner can select Import Rule for Partial Mapping, and a one-rule scan will be executed. The rule is then nominated for a fresh certification, clearing the rule conflict in RLM.

    Rule Modification Ticket

    The Default Owner opens a Rule Modification ticket in SecureChange to add or remove an asset, or modify a group. This is limited to specific vendors. See SecureChange Features by vendor.

    A rule modification workflow is required for this option. See Creating Workflows for the App.

    Manually Modify The Rule On The Device

    Go to the device itself and modify the rule there.

Resolve Conflict by Modifying a Rule in SecureChange

This procedure can only be performed by the Default Owner on rules with the Conflict status.

  1. From the Actions list, select Change rule by Rule Modification workflow.

  2. RLM opens a new rule modification ticket in SecureChange, which can be viewed in the Tickets page.

    When this ticket opens, RLM also updates the rule status in RLM to Pending Modification and adds a link to the SecureChange ticket in the rule.

  3. Wait for a revision to be received in SecureTrack (or initiate a manual pull).

  4. From the Actions list, select Import Rule for Partial Mapping.

    RLM will initiate a scan for the individual rule and the rule will be nominated for a new certification.