Cloud Services

Compliance and Security Operations

Administrative setup
Published On Jun 04, 2024 - 8:45 AM

Administrative setup

Set-up the Compliance and Security Operations service.

Prerequisite administration to integrating Compliance and Security Operations

The following procedure is an outline for performing the prerequisite administration between Compliance Security Operations and the underlying data engine. The procedure should be completed only by a trained administrator.
  1. Register the data engine with OKTA for SAML support for Kyndryl registered users.
  2. Login to the Security and Compliance tenant.
  3. From the landing page, click the Main menu icon.
  4. Click the Admin drop-down menu.
  5. Click
    . The application navigates to IAM and defaults to the
  6. Set up the Tenant Manager as the CompSecOps Administrator:
    1. Select the user appointed as the CompSecOps Administrator, from the Users tab. The application navigates to the User
      Access Policies
    2. Click
      Add New
      to add a new policy (role). The application displays a drop-down menu.
    3. Click
      Assign Access Policy
      . The system navigates to the details page for
      Assign Access Policy
    4. For
      Select Service
      , select
    5. For
      Select scope
      , select the
      Resources based on selected attributes
      radio button.
    6. Under the following sentence: ''You can scope access to either existing Access Tags on any other available attribute for the selected service above'', click the
      radio button.
    7. From the
      Select Attribute
      drop-down menu, select
      . The application will display three fields: Attribute Name, Attribute Operator, and Attribute Value. Make the following selections:
      1. Attribute Name
        : organization
      2. Attribute Operator
        : EQUALS (default value)
      3. Attribute Value
        : Leave empty. The application will use the current organization by default.
    8. Select
      Compliance Administrator
      under the following sentence: ''Service roles are specific permissions within the application''.
    9. Click
      to assign this Access Policy to the user. The application returns to the Users tab.

Add connections to the data engine

Use the following procedure to create a connection between Compliance and Security Operations and the underlying data engine:
  1. Navigate to IAM.
  2. Click
    on the left navigation bar. The system navigates to the Connections page.
  3. Click
    Add New
    . The application displays a drop-down menu.
  4. Select
    Add Connection
    . The application navigates to the connection details page.
  5. Add a name in the
    Connection Name
  6. Select
    Tools Provider
    for the
    Select Technology Category
  7. Select
    for the
    Select Connection Type
  8. Enter the host (data engine instance) URL in the
    Host Instance URL
  9. Add the
    Super Admin Username
    Super Admin password
    for the data engine to the appropriate fields in the
    Credentials Details
  10. Click
    . IAM adds the connection.

Additional actions: configure the data engine

Perform the following additional actions on the data engine dashboard:
  • Specify cloud providers for the purpose of performing a scan in the data engine. Refer to the data engine Administrator Guide for Organization per provider.
  • Schedule a data engine Job for infrastructure and risk assessment. Refer to the data engine Administrator Guide.
  • Configure the data engine for ServiceNow (SNOW). Refer to the data engine Administrator Guide.

Additional actions: add users

  • Add users to the Compliance and Security Operations service, assigning appropriate roles. For instructions, see Users and roles management.
When you delete a sub-organization from the data engine, user roles persist in the tenant. The Compliance and Security Operations administrator must delete users and their roles for the sub-organization.
Do you have two minutes for a quick survey?
Take Survey