What is the Rule Lifecycle Management App?
Overview
The Rule Lifecycle Management App (RLM) is a Tufin extension (formerly Tufin Marketplace app) that simplifies and manages the rule recertification process.
- RLM enables the owners of applications or network assets to certify rules that enable access to or from those assets. RLM automatically finds expiring or expired rules and maps them to the relevant owner.
- RLM automatically opens the appropriate ticket in Tufin's SecureChange product, where the policy and metadata changes are implemented, effectively eliminating many of the manual steps normally required for orchestrating what is often a manual and complex process.
- RLM automatically schedules recertification for new rules.
If you are working in a regulated environment, you can use RLM to ensure consistency in your audit programs, easily identify gaps in rule ownership, and configure and maintain a repeatable recertification program.
Why do I Need RLM?
Attackers often utilize expired or unused access policies across your network's security infrastructure and cloud security controls to gain unauthorized access to your network. To avoid security breaches in your network, you must review these rules regularly, recertify rules that you still need, modify existing rules to meet recertification requirements prior to certification, and remove unnecessary rules.
RLM orchestrates the process of identifying rules that need a certification decision and implementing changes to the rules. These changes include certifying or decertifying a rule, modifying rules to meet recertification requirements, changing access permission, or decommissioning a rule.
How Does RLM Work?
What needs to be done? | Who does the work? | Where can I get more info? |
---|---|---|
Assign assets to owners. | App Administrator | |
Set up scans to retrieve rules from SecureTrack that require a certification decision. | App Administrator | |
Configure email notification to Rule Owners about rules for which they are responsible and that require recertification. | App Administrator | |
Create workflows in SecureChange, configure RLM to use the workflows when required. | App Administrator | |
Configure RLM to use the SecureChange workflows when required. | App Administrator | |
RLM creates tickets in SecureChange that are triggered by Rule Owner certification decisions. | RLM/Rule Owner | |
Track the tickets' progress in RLM. | App Administrator | |
Review the updated rules and refresh the status of the rules in RLM. | Rule Owner | |
Review Rule Owner activity. | Auditor, App Administrator | |
Provide a UI for auditors to review the recertification process and evaluate business justifications for these certification decisions. | RLM | |
Implementation of the certification decisions can be automatic or a Handler in SecureChange can implement the decision in the ticket manually. | Handler | |