Learn to set up the Compliance and Security Operations service, enabling connections to the data engine that supplies compliance and security data to the Kyndryl Compliance and Security interface.
Prerequisite administration for integrating Compliance and Security Operations
The following procedure outlines the prerequisite administration between Compliance and Security Operations and the underlying data engine. The procedure should be completed only by a trained administrator.
Register the data engine with OKTA for SAML support for Kyndryl registered users.
Log in to the Security and Compliance tenant.
From the landing page, click the Main menu icon.
Click the Admin drop-down menu.
Click IAM. The application navigates to IAM and defaults to the Users tab.
Set up the Tenant Manager as the CompSecOps Administrator:
Select the user appointed as the CompSecOps Administrator from the Users tab. The application navigates to the User Access Policies tab.
Click Add New to add a new policy (role). The application displays a drop-down menu.
Click Assign Access Policy. The system navigates to the details page for Assign Access Policy.
For Select Service, select CompSecOps.
For Select Scope, select the Resources Based on Selected Attributes radio button.
Under the following sentence: "You can scope access to either existing Access Tags on any other available attribute for the selected service above", click the Attribute radio button.
From the Select Attribute drop-down menu, select CompSecOps. The application will display three fields: Attribute Name, Attribute Operator, and Attribute Value. Make the following selections:
Attribute Name: organization
Attribute Operator: EQUALS (default value)
Attribute Value: Leave empty. The application will use the current organization by default.
Select Compliance Administrator under the following sentence: "Service roles are specific permissions within the application".
Click Assign to assign this Access Policy to the user. The application returns to the Users tab.
Add connections to the data engine
Use the following procedure to create a connection between Compliance and Security Operations and the underlying data engine:
Navigate to IAM.
Click Connections on the left navigation bar. The system navigates to the Connections page.
Click Add New. The application displays a drop-down menu.
Select Add Connection. The application navigates to the connection details page.
Add a name in the Connection Name field.
Select Tools Provider for the Select Technology Category field.
Select ComplianceSecops for the Select Connection Type field.
Enter the host (data engine instance) URL in the Host Instance URL field.
Add the Super Admin Username and Super Admin Password for the data engine to the appropriate fields in the Credentials Details section.
Click Add. IAM adds the connection.
Additional actions: configure the data engine
Perform the following additional actions on the data engine dashboard:
Specify that cloud providers will perform a scan of the data engine. Refer to the data engine Administrator Guide for Organization per provider.
Schedule a data engine Job for infrastructure and risk assessment. Refer to the data engine Administrator Guide.
Configure the data engine for ServiceNow (SNOW). Refer to the data engine Administrator Guide.
Additional actions: add users
Add users to the Compliance and Security Operations service, assigning appropriate roles. For instructions, see Users and roles management.
When you delete a sub-organization from the data engine, user roles persist in the tenant. The Compliance and Security Operations administrator must delete users and their roles for the sub-organization.