2011 Q3 Ruleset update by SAP


The 2011 ruleset update has now been incorporated into 5.3 Support Pack 17 and 10.0 Support Pack 5, both of which are in released status. Please see SAP Note "1604722 Risk Analysis and Remediation Rule Update Q3 2011" for a full summary of the changes made. Please see SAP Note "1352498 Support Pack Numbering - GRC Access Control" for information on the support pack numbering for Access Control.
As indicated in this note, the ruleset changes are incorporated into 5.3 SP17 and 10.0 SP5. For new customers implementing Access Control, these support packs contain the most recent version of the delivered ruleset. See SAP Note "1033326 Risk Analysis and Remediation Rule Upload guidance" for information on how to find the files in 5.3 and upload them. In 10.0, you will activate the appropriate GRAC_RA_RULESET* BC_SETS applicable to your system.
If you are an existing customer, you will need to review the updates listed in the Word document included in SAP Note 1604722 and manually make the changes to your ruleset that you believe are applicable in your environment. It is highly recommended that existing customers DON'T reactivate the BC_SETS in 10.0 or reload the text files in 5.3, as doing so will overwrite your customization. The only option then is to make the changes manually using the Rule Architect functionality.
Please see the related SAP Notes below for previous ruleset updates and other guidance around rulesets.
1446680     Risk Analysis and Remediation Rule Update Q2 2010
1326497     Risk Analysis and Remediation Rule Update Q2 2009
1173980     Risk Analysis and Remediation Rule Update Q2 2008
1083611     Compliance Calibrator Rule Update Q3 2007
1035070     Compliance Calibrator Rule Update Q1 2007
1061380     Compliance Calibrator Rule Update Q2 2006
986996     GRC Access Control- Best Practice for Rules and Risks
1373465     Rule Upload and Rule Import - Explanation of functions
Hi Jane
I know you are no longer involved in this area but I would like to get your opinion. A lot of consulting houses that implement GRC AC recommend that the customer copy the Global ruleset and then only make changes on the copied ruleset. What are your feelings around this? Is it not better (specifically in GRC AC 10.0 that has change logs) to use the Global ruleset?