SOX Security Information

Q1) Explain SOX security.

Step 1: 

Scan all the single roles for SOD violations with a GRC tool.

Action: 
If there is an SOD violation, remediate (fix object values or remove the transaction code) or come up with a mitigation control with the help of the functional team.

Step 2:

Scan all the composite roles for SOD violations.

Action: 
If there is an SOD violation, remediate (remove roles or replace with a different role) or come up with a mitigation control with the help of the functional team.

Step 3:

If the policy is one composite role per user, then transport all the Compliance Calibrator controls to production. Since all the composite roles are mitigated or remediated, all the users should be clean.

Step 4:

If the roles are assigned based on the user, then each user has to be analyzed by the GRC tool when they are set up in the system. If they have an SOD violation, then mitigate the user directly in the system.

Tip: 
Template users like AP Manager, AR Manager, Fin Manager, WM Manager, SD Clerk, WM Operator, etc. can be set up in the production system. A new user can then be cloned from the template users. One advantage is that the template users can be scanned with GRC tools. The mitigation controls can be in place, and the same mitigation controls can be applied to the new users.
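The four steps and the tip above describe one procedure: scan at the single-role level, then at the composite-role level, then (unless the policy is one composite role per user) at the user level, and at each level either remediate the authorisation or record a mitigation control, with template users carrying their controls over to cloned users. The following is an added example, not code from the original page or from any GRC product, that models that procedure. The SOD rule set, role and user names, transaction-code assignments and mitigation-control IDs are all constructed sample data, and the role model (single role = set of transaction codes, composite role = list of single roles, user = list of composite roles) is a simplification that ignores authorisation object values.

```python
"""Three-level SoD scan (single roles, composite roles, users) with remediation,
mitigation controls and template-user cloning, following the steps above.
Added example, not from the original page; every rule, role, user and
mitigation-control id below is constructed sample data, not a real rule set."""

# SoD functions named by the transaction codes that execute them (constructed).
FUNCTIONS = {
    "CREATE_VENDOR": {"XK01", "FK01"},
    "POST_VENDOR_INVOICE": {"FB60", "MIRO"},
    "MAINTAIN_PO": {"ME21N", "ME22N"},
    "POST_GOODS_RECEIPT": {"MIGO"},
    "POST_PAYMENT": {"F110", "F-53"},
}
# Rule id -> pair of functions that must not be held together (constructed).
RULES = {
    "P001": ("CREATE_VENDOR", "POST_VENDOR_INVOICE"),
    "P002": ("MAINTAIN_PO", "POST_GOODS_RECEIPT"),
    "P003": ("CREATE_VENDOR", "POST_PAYMENT"),
}
# Sample authorisations: single roles hold transaction codes, composite roles
# hold single roles, users hold composite roles.
SINGLE_ROLES = {
    "Z_AP_CLERK": {"FB60", "MIRO", "FK03"},
    "Z_VENDOR_MASTER": {"XK01", "XK02", "FK01"},
    "Z_PURCHASER": {"ME21N", "ME22N", "ME23N"},
    "Z_WH_OPERATOR": {"MIGO", "MB51"},
    "Z_PAYMENT_RUN": {"F110", "F-53"},
    "Z_BAD_AP": {"XK01", "FB60"},  # conflicting on its own: step 1 finding
}
COMPOSITE_ROLES = {
    "C_AP_MANAGER": ["Z_AP_CLERK", "Z_PAYMENT_RUN"],
    "C_PROCUREMENT": ["Z_PURCHASER", "Z_WH_OPERATOR"],  # step 2 finding
    "C_VENDOR_ADMIN": ["Z_VENDOR_MASTER"],
}
USERS = {
    "TEMPLATE_AP_MANAGER": ["C_AP_MANAGER"],
    "TEMPLATE_WM_OPERATOR": ["C_PROCUREMENT"],
    "JSMITH": ["C_AP_MANAGER", "C_VENDOR_ADMIN"],  # conflict only at user level
}
# Mitigation controls agreed with the functional team: (object, rule) -> control id.
MITIGATIONS = {
    ("C_PROCUREMENT", "P002"): "MC-0042",
    ("TEMPLATE_WM_OPERATOR", "P002"): "MC-0042",
}


def functions_held(tcodes):
    """SoD functions that a set of transaction codes can execute."""
    return {f for f, codes in FUNCTIONS.items() if codes & tcodes}


def violations(tcodes):
    """Sorted rule ids for which both conflicting functions are held."""
    held = functions_held(tcodes)
    return sorted(r for r, (a, b) in RULES.items() if a in held and b in held)


def composite_tcodes(composite):
    """Effective transaction codes of a composite role (union of its single roles)."""
    return set().union(*(SINGLE_ROLES[s] for s in COMPOSITE_ROLES[composite]))


def user_tcodes(user):
    """Effective transaction codes of a user (union of their composite roles)."""
    return set().union(*(composite_tcodes(c) for c in USERS[user]))


def scan(objects, tcodes_of, mitigations=MITIGATIONS):
    """Steps 1, 2 and 4: scan every object and split its findings into rules
    covered by a mitigation control and rules that are still open."""
    report = {}
    for name in objects:
        found = violations(tcodes_of(name))
        if not found:
            continue
        mitigated = {r: mitigations[(name, r)] for r in found if (name, r) in mitigations}
        report[name] = {"open": [r for r in found if r not in mitigated],
                        "mitigated": mitigated}
    return report


def remediate_single_role(tcodes, rule_id, drop_function):
    """Step 1 action: remove the transaction codes of one side of the conflict."""
    if drop_function not in RULES[rule_id]:
        raise ValueError(f"{drop_function} is not part of rule {rule_id}")
    return tcodes - FUNCTIONS[drop_function]


def one_composite_per_user(users=USERS):
    """Step 3 precondition: only then does a clean composite scan imply clean users."""
    return all(len(roles) == 1 for roles in users.values())


def clone_user(template, new_user, users=USERS, mitigations=MITIGATIONS):
    """Tip: a new user inherits the template's roles and its mitigation controls."""
    users[new_user] = list(users[template])
    for (obj, rule), control in list(mitigations.items()):
        if obj == template:
            mitigations[(new_user, rule)] = control
    return users[new_user]


if __name__ == "__main__":
    print("single roles:", scan(SINGLE_ROLES, SINGLE_ROLES.__getitem__))
    print("composite roles:", scan(COMPOSITE_ROLES, composite_tcodes))
    if not one_composite_per_user():  # step 4 is only needed in this branch
        print("users:", scan(USERS, user_tcodes))
```

On this sample data the single-role scan flags only Z_BAD_AP (P001), which remediation clears by dropping the CREATE_VENDOR transaction codes; the composite scan flags C_PROCUREMENT (P002), which is covered by control MC-0042; and because JSMITH holds two composite roles the one-composite-per-user shortcut of step 3 does not apply, so the user scan is run and finds P001 and P003 on JSMITH, a conflict that exists at no lower level. A user cloned from TEMPLATE_WM_OPERATOR inherits both the role and the control, so it scans as mitigated without a second sign-off.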
 

Q2) In SOX, I need a secure channel for requests and replies. I would also like to authenticate who listens to broadcasts, in addition to authenticating the requestors of information. Are there any guidelines on how to apply SOX to a distributed messaging architecture?

You can achieve SSL security by running an instance of the Rendezvous Secure Daemon or the Rendezvous Secure Routing Daemon. Connect the requesting and replying Rendezvous clients to its listen port.

You can secure the RV bus by running the network on secure hardware. 

(c) www.gotothings.com All material on this site is Copyright.