Open GBues opened 1 year ago
@GBues That's a good idea. Just to be clear, the use case would be if a control can not be implemented for some reason, you could create a security exception within the project, tie it the control, provide a explanation and compensating controls, and get approval?
Thanks, for your response :) I thinks we're ok, but to be really really clear here is an exemple
Control : all USB port should be disabled on all computers Implemented 100% But on computer X we need it to be allowed, maybe for a small period of time. This is the security exception for me.
I didn't thought of approval but that's a good idea.
I would like to see all exception for my project to review them periodicaly. For this I must have the date of creation, and a date of review for this exception.
Yup that makes sense
Hi Bmarsh,
I think it would be great to be able to use gapps to handle security exceptions list for a project and link them to controls. We could have a review system on each exception.
Thanks by advance, Guillaume