Mapping Ownership for Assets and Rules

Overview

Mapping owners to assets and rules is a key requirement for RLM to route certifications to the right people. The App Administrator does the map Rule Owners to the network devices (network, IP, or range of IPs) for which they are responsible. Rule Lifecycle Management App (RLM) then retrieve rules from SecureTrack that need a certification decision and relate to these assets.

You can assign ownership by:

  • Mapping assets to owners: Assign owners to network assets such as network, IP, or IP range, and RLM automatically assigns the rules that reference the assets to the owners. See Mapping owners to assets.

  • Mapping rules to owners: Manually assign single or multiple rules to owners. See Mapping owners to rules.

For ownership mapping in bulk, prepare the files offline in CSV format and upload them into RLM, or import through API.

 

Before you start, ensure that all Rule Owners in RLM have a corresponding user ID in SecureChange.

  • Each user must have User name and Email attributes in SecureChange.

  • The Owner field in the RLM mapping template must be an identical match to the field User name in SecureChange.

See Creating Users.

How Does It Work?

Owner Status Updates

RLM executes a background task every 60 minutes to update the status of RLM owners based on their status in SecureChange.

  • If an owner is deleted from SecureChange, or if the owner is a group with no members, RLM changes the status of the owner in the extension to inactive automatically.

  • If the user is added back to SecureChange or the group is filled in with new owners, RLM can change the user to active.

In both cases, a one-time synchronization job will run at 2:00 am the following day to update rule ownership based on the new owners in RLM.

Owner Mapping Updates

After mapping owners to assets or rules and running scans, RLM retrieves rules that require a certification decision based on the configured frequency.

The criteria for these rules include the following:

  • Rules that will expire based on the Rule Recertification settings.

  • Rules that have already expired.

  • Rules that do not have any certification.

  • Rules based on the source, destination, and service setting.

For more information, see Rule Recertification settings.

Rule Owners receive an email notification that they have rules which require a certification decision.

What Can I Do?