Scheduled access permission audits

Purpose

1.1. Automate the process of reviewing, evaluating, and updating access permissions to Army facility systems, networks, and physical sites.
1.2. Ensure compliance with defense regulations and audits, preventing unauthorized access by automating permission reviews at set intervals.
1.3. Automatically notify administrators of permission anomalies or outdated access, and automate remediation actions.
1.4. Maintain a continuously updated security and access management log for regulatory and operational readiness.

Trigger Conditions

2.1. Automate audits on a fixed schedule (e.g., weekly, monthly, quarterly).
2.2. Automatedly trigger on specific events (e.g., personnel change, scheduled security assessments).
2.3. Automate based on custom policy thresholds (e.g., access not reviewed in 30 days, role change events).

Platform Variants

3.1. Microsoft Azure Active Directory
- Feature/Setting: Automate with "Access Reviews" API (POST /identityGovernance/accessReviews), schedule recurring reviews.
3.2. AWS IAM
- Feature/Setting: Automate "GenerateCredentialReport" API, automate analysis for expired/unused permissions.
3.3. Google Workspace Admin
- Feature/Setting: Automate with "Reports API" (activities.list), schedule user/permission reports.
3.4. Okta
- Feature/Setting: Automate "Users API" (GET /api/v1/users/{userId}/groups), automate group membership reviews.
3.5. Oracle Identity Cloud Service
- Feature/Setting: Automate "List User Entitlements" via REST API, automate permission checks.
3.6. ServiceNow
- Feature/Setting: Automate "Scheduled Data Export" in Security Operations, automate permission export.
3.7. SailPoint
- Feature/Setting: Automate "IdentityNow Reviews API," schedule automatable certification campaigns.
3.8. Duo Security
- Feature/Setting: Automate "Admin API" (GET /admin/v1/users), automate inactive user flagging.
3.9. CyberArk
- Feature/Setting: Automate "Privileged Account Security Web Services," automate account assessment jobs.
3.10. Ping Identity
- Feature/Setting: Automate "PingOne API" for Access Review, automate user audit trail extraction.
3.11. IBM Security Verify
- Feature/Setting: Automate "Entitlements API" (GET /v1/entitlements), automate periodic review exports.
3.12. Splunk
- Feature/Setting: Automate "Search API" for permission logs, automate scheduled search alerts.
3.13. RSA Identity Governance and Lifecycle
- Feature/Setting: Automate "Review Generation API," automate automated campaigns.
3.14. OneLogin
- Feature/Setting: Automate "List Users API" (GET /api/1/users), automate group/role audit automations.
3.15. NetIQ (Micro Focus)
- Feature/Setting: Automate "Identity Governance REST API," schedule regular reviews.
3.16. ManageEngine ADManager Plus
- Feature/Setting: Automate "Automation Policy" for user and permissions review.
3.17. JumpCloud
- Feature/Setting: Automate "User API" (GET /api/systemusers), automate recent access log reviews.
3.18. Keeper Security
- Feature/Setting: Automate "Enterprise API" (GET /vault/records), automate permission audits.
3.19. Fortinet FortiAuthenticator
- Feature/Setting: Automate scheduled automated reports via "REST API for users/groups."
3.20. Apache Ranger
- Feature/Setting: Automate "Policy REST API" for listing and reviewing policy assignments automatically.
3.21. Workato
- Feature/Setting: Automate access permission review recipes using connectors for all supported apps.

Benefits

4.1. Automates time-consuming manual audits, reducing errors and audit fatigue.
4.2. Automatedly discovers outdated or inappropriate permissions, supporting continuous compliance.
4.3. Automates notifications for exception handling, accelerating response to access risks.
4.4. Ensures all permission changes and audits are tracked and logged automatically for incident investigation and compliance audits.
4.5. Frees up IT/security resources by automating repetitive audit tasks across varied security platforms.
4.6. Strengthens overall access governance, reducing insider threat and exposure windows by leveraging automation.

Leave a Reply

About

Product

Pricing

Support