Handler: Completing SecureChange Tickets

The Rule Lifecycle Management App (RLM) identifies firewall rules that require a certification decision. After the Rule Owner uses RLM to review rules and decide whether to certify or decertify them, RLM opens a ticket in SecureChange based on one of three workflows: rule recertification, rule decommission, or rule modification. The App Administrator creates these workflows and, during setup, configures RLM to link to them.

Depending on the workflow, the Handler implements the certification decision manually (if RLM does not do so automatically), resolves conflicting certification decisions between multiple Rule Owners, or works with Rule Owners to decommission rules that were disabled.

Implement the Certification Decision Manually

For rule recertification, it is recommended that RLM implement the certification decision automatically; the App Administrator configures this option during the initial setup. If business requirements prevent the use of automated workflows, the Handler must implement the Rule Owner's decision in SecureChange by clicking Update Metadata to update the rule metadata manually.

Here is an example of a recertification workflow at the implementation step:

After updating the metadata, these recertification metadata fields are updated automatically in the SecureTrack Policy Browser for supported devices:

  • Certification Status: Status of the rule (certify, decertify, or blank).

  • Certification Date: Date when the certification decision was implemented.

  • Certification Expiration Date: Date when the rule certification expires, after which it must be reviewed and recertified.

RLM uses the Certification Expiration Date to determine the rules to retrieve from SecureTrack in the future.

Resolve Certification Conflicts

Multiple Rule Owners could disagree about the certification decision for a rule. For example, one Rule Owner wants to certify their networks in the rule and another Rule Owner wants to decertify their networks in the same rule. RLM identifies these rules, and when the App Administrator selects them, RLM opens a ticket using the Rule Modification workflow defined in RLM.

Since these tickets require administrative permissions, only the App Administrator can manage them. For more information, see Managing Certification Decision Conflicts.

Disable Rules

In the Settings menu, the RLM administrator can set the Rule Decommission Workflow toggle to disable rules after they have been decertified. If the toggle is set, RLM automatically opens a Rule Decommission ticket for each decertified rule. The Handler and the Rule Owners can decide to decommission the rule based on time or usage. For example, they may decide to wait two months or monitor whether other network policies are using the rule, and then disable the rule. For details about devices that support the Rule Decommission workflow, see SecureChange Features by Vendor.
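The following is an added illustration, not RLM or SecureChange code, of the decision logic this page describes: how the Certification Status and Certification Expiration Date fields decide which rules are due for review (see Implement the Certification Decision Manually), and how the Rule Owners' decisions and the Rule Decommission Workflow toggle select one of the three workflows (Resolve Certification Conflicts and Disable Rules). Field names, workflow labels and the sample rules are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional

# Constructed model of the concepts on this page. Field names, workflow labels and
# the routing logic are assumptions for illustration, not RLM's or SecureChange's API.
CERTIFY, DECERTIFY = "certify", "decertify"


@dataclass
class Rule:
    rule_id: str
    certification_status: str = ""                  # "certify", "decertify" or blank
    certification_expiration: Optional[date] = None  # set when the decision is implemented
    owner_decisions: Dict[str, str] = field(default_factory=dict)  # Rule Owner -> decision


def due_for_review(rule: Rule, today: date) -> bool:
    """Rules RLM would retrieve from SecureTrack: never certified, or certification expired."""
    if rule.certification_status != CERTIFY or rule.certification_expiration is None:
        return True
    return rule.certification_expiration <= today


def workflow_for(rule: Rule, decommission_enabled: bool) -> Optional[str]:
    """Which SecureChange workflow the ticket for a reviewed rule would use."""
    decisions = set(rule.owner_decisions.values())
    if not decisions:
        return None                        # no Rule Owner decision yet, so no ticket
    if {CERTIFY, DECERTIFY} <= decisions:
        return "rule_modification"         # owners disagree: only the App Administrator resolves
    if decisions == {DECERTIFY} and decommission_enabled:
        return "rule_decommission"         # Handler and owners decide when to disable the rule
    return "rule_recertification"          # Handler clicks Update Metadata if not automated


def triage(rules: List[Rule], today: date, decommission_enabled: bool) -> Dict[str, Optional[str]]:
    """Map each rule that is due for review to the workflow its ticket would go through."""
    return {r.rule_id: workflow_for(r, decommission_enabled)
            for r in rules if due_for_review(r, today)}


SAMPLE_RULES = [  # constructed data
    Rule("fw1-rule-10", CERTIFY, date(2026, 1, 1), {"alice": CERTIFY}),                 # still valid
    Rule("fw1-rule-11", CERTIFY, date(2024, 3, 1), {"alice": CERTIFY, "bob": DECERTIFY}),  # expired, conflict
    Rule("fw1-rule-12", "", None, {"carol": DECERTIFY}),                                 # never certified
    Rule("fw1-rule-13", "", None, {}),                                                   # no decision yet
]

if __name__ == "__main__":
    for rule_id, wf in triage(SAMPLE_RULES, date(2025, 6, 1), True).items():
        print(f"{rule_id}: {wf or 'awaiting Rule Owner decision'}")
```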