Hi,
when I add security controls to mitigate an asset risk, security policies are auto-filled. Can this be turned off? Or can you explain the logic, which policies are selected. In my case, very rarely the right policies are filled out. So most of the time I need to delete all of them, which is very annoying.
Thanks
Alex
Hi Alexander,
It should be taken the policies that are related to that control.
The logic is that if you are mitigating a risk with a control, and that control belongs to a policy, that policy is usually also mitigating that risk.
Regards,
Jorge Soler
Hi Jorge,
thanks for the reply. Yes, this makes sense and works fine. But it happens to me, that also other policies are added. E.g. I have a control for Multi Factor Authentication. When I add this control always two policies are added. One, because it is referred to in the MFA control. But the second is not referred there and I have no idea, where the referrence comes from. Is there any other logic behind?
Thanks
Alex
Is your eramba installation updated to the latest version (3.22.0)? Are you an enterprise or community user?
I remember that we had this issue in the past.
Regards,
Jorge Soler
We are on 3.19.1 and community edition. I will try to get an update and see, if that helps.
Thanks
Yes, please update and try again.