Cloud Services

Compliance and Security Operations

Administrative setup
Published On Aug 29, 2024 - 1:02 AM

Administrative setup

Learn to set up the Compliance and Security Operations service, enabling connections to the data engine that supplies compliance and security data to the Kyndryl Compliance and Security interface.

Prerequisite administration to integrating Compliance and Security Operations

The following procedure outlines the prerequisite administration between Compliance Security Operations and the underlying data engine. The procedure should be completed only by a trained administrator.
  1. Register the data engine with OKTA for SAML support for Kyndryl registered users.
  2. Login to the Security and Compliance tenant.
  3. From the landing page, click the Main menu
    icon.
  4. Click the
    Admin
    drop-down menu.
  5. Click
    IAM
    . The application navigates to IAM and defaults to the
    Users
    tab.
  6. Set up the Tenant Manager as the
    CompSecOps
    Administrator:
    Select the user appointed as the CompSecOps Administrator from the Users tab. The application navigates to the
    User Access Policies
    tab.
    1. Click
      Add New
      to add a new policy (role). The application displays a drop-down menu.
    2. Click
      Assign Access Policy
      . The system navigates to the details page for
      Assign Access Policy
      .
    3. For
      Select Service
      , select
      CompSecOps
      .
    4. For
      Select Scope
      , select the
      Resources Based on Selected Attributes
      radio button.
    5. Under the following sentence: ''You can scope access to either existing Access Tags on any other available attribute for the selected service above'', click the
      Attribute
      radio button.
    6. From the
      Select Attribute
      drop-down menu, select
      CompSecOps
      . The application will display three fields:
      Attribute Name, Attribute Operator
      , and
      Attribute Value
      . Make the following selections:
      1. Attribute Name
        : organization
      2. Attribute Operator
        : EQUALS (default value)
      3. Attribute Value
        : Leave empty. The application will use the current organization by default.
    7. Select
      Compliance Administrator
      under the following sentence: ''Service roles are specific permissions within the application''.
    8. Click
      Assign
      to assign this Access Policy to the user. The application returns to the Users tab.

Add connections to the data engine

Use the following procedure to create a connection between Compliance and Security Operations and the underlying data engine:
  1. Navigate to IAM.
  2. Click
    Connections
    on the left navigation bar. The system navigates to the
    Connections
    page.
  3. Click
    Add New
    . The application displays a drop-down menu.
  4. Select
    Add Connection
    . The application navigates to the connection details page.
  5. Add a name in the
    Connection Name
    field.
  6. Select
    Tools Provider
    for the
    Select Technology Category
    field.
  7. Select
    ComplianceSecops
    for the
    Select Connection Type
    field.
  8. Enter the host (data engine instance) URL in the
    Host Instance URL
    field.
  9. Add the
    Super Admin Username
    and
    Super Admin Password
    for the data engine to the appropriate fields in the
    Credentials Details
    section.
  10. Click
    Add
    . IAM adds the connection.

Additional actions: configure the data engine

Perform the following additional actions on the data engine dashboard:
  • Specify that cloud providers will perform a scan of the data engine. Refer to the data engine Administrator Guide for Organization per provider.
  • Schedule a data engine Job for infrastructure and risk assessment. Refer to the data engine Administrator Guide.
  • Configure the data engine for
    ServiceNow (SNOW)
    . Refer to the data engine Administrator Guide.

Additional actions: add users

  • Add users to the Compliance and Security Operations service, assigning appropriate roles. For instructions, see Users and roles management.
When you delete a sub-organization from the data engine, user roles persist in the tenant. The Compliance and Security Operations administrator must delete users and their roles for the sub-organization.
Do you have two minutes for a quick survey?
Take Survey