By default, three response options are given to each remediator:
Remediate. A remediator indicates that something has been done to fix the problem on the resource.
When a compliance violation is modified, Waveset creates an audit event to log the remediation. In addition, Waveset stores the name of the remediator and any comments provided.
After remediation, a violation is not deleted until the next audit scan. If an audit policy is configured to allow re-scans, then the user will be re-scanned as soon as the violation is remediated.
Mitigate. A remediator allows the violation and gives the user an exemption from the violation for a certain amount of time.
If the violation is deliberate (for example, there is a business case for belonging to two groups), you can mitigate the violation for an extended period of time. You can also mitigate the violation for a short period of time (for example, in cases where the resource’s system administrator is on vacation and you do not know how to fix the problem).
Waveset stores the name of the remediator that mitigated the violation along with the expiration date assigned to the exemption and any comments provided.
When Waveset detects an expired exemption, it returns the violation from the mitigated state to a pending state.
Forward. A remediator reassigns the responsibility for resolving the violation to another individual.
As an example of remediation, suppose your enterprise establishes a rule in which a user cannot be responsible for both Accounts Payable and Accounts Receivable, and you receive notice that a user is violating this rule.
If the user is a supervisor who has responsibility for both roles until the company hires a second person for that position, you might mitigate the violation and issue an exemption for up to six months.
If the user is violating the rule, you might ask your Oracle ERP Administrator to correct the conflict, and then remediate the violation when the problem is fixed for that resource. Alternatively, you might forward the remediation request to the Oracle ERP Administrator.