Certification Process Steps
The certification review starts at the Environment level. To support this step, Thales provides the Get Environment Applications API, which returns the list of Applications managed within an Environment together with their details, including:
- Application ID
- Application Name
- Associated ClientID (Scope)
- Authorization Workspace ID
- Authorization Workspace Name
Application Level Review
After all Applications within an Environment have been reviewed, the certification review continues at the Application level. This review certifies all Policies connected to a given Application. Because the Policy-Based Authorization Manager access decision is calculated by aggregating all active Policies in the Application (Scope), Policies must be certified at the Application level rather than as standalone Policies.
To support this step, the Policy-Based Authorization Manager provides the Get Application Policies API, which returns the list of Policies associated with the Application, including:
- Policy ID
- Policy Name
- Access Type
- Policy State
The Policies are grouped based on Access Policies and Restrictive Policies. Policy IDs serve as unique identifiers for Policies, facilitating smooth integration with other APIs during the certification process.
Policy Review
As part of the certification process, a detailed review of each Policy is required. This review ensures that Policies are consistent across an organization or system. Such standardization reduces the likelihood of errors, misconfigurations, and inconsistencies that could lead to security breaches.
To support the process of Policy detailed review, the Policy-Based Authorization Manager provides the Export Policy
The Policy metadata includes:
- Policy ID
- Policy Name
- Description
- Access Type
The Policy Building Blocks definitions and metadata include:
- Dynamic Group definitions
- Condition definition
- Actions
- Ruleset definitions
Process Validation and Completion
At this stage, those responsible for certification need to validate the Policy and review its most recent modifications. To support this step, the Policy-Based Authorization Manager provides the Get Administration Audit Events API, which retrieves administrative audit events within a specific Environment. Through this API, customers can view and monitor the audit trail of recent modifications to Policies and to Building Block definitions.
To use this functionality, configure the relevant filters for the API call, including:
- Time range: typically starting from the last certification date
- Object ID: the Policy ID obtained during the Policy review step (query parameter: filter[resourceId][like])
After reviewing the latest modifications, it is possible to proceed with certifying the Policy.
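The four steps above chain together into one review workflow: list the Applications in an Environment, list each Application's Policies grouped by Access Type, export each Policy, and then pull the administrative audit events for the Policy and its Building Blocks since the last certification date. The script below is an added example written for this page and is not Thales code. It treats the API transport as an injectable function so it runs offline against constructed sample responses; the endpoint paths, the JSON field names, the `accessType` values `access`/`restrictive` and the `filter[timestamp][gte]` parameter are assumptions, while `filter[resourceId][like]` is the parameter the page names.

```python
"""Certification worklist builder (added example, not Thales code).
Endpoint paths, response shapes and the timestamp filter name are assumed;
only filter[resourceId][like] comes from the page."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Any, Callable, Dict, List

# A transport takes (path, query params) and returns decoded JSON. In production
# it would wrap an authenticated HTTP client; here it is swapped for sample data.
Fetch = Callable[[str, Dict[str, str]], Any]


@dataclass
class PolicyItem:
    policy_id: str
    name: str
    access_type: str                     # assumed values: "access" / "restrictive"
    state: str
    export: Dict[str, Any]               # metadata + building blocks from Export Policy
    changes: List[Dict[str, Any]] = field(default_factory=list)  # audit events since last certification


def get_environment_applications(fetch: Fetch, env_id: str) -> List[Dict[str, Any]]:
    return fetch(f"/environments/{env_id}/applications", {})["data"]  # assumed path


def get_application_policies(fetch: Fetch, env_id: str, app_id: str) -> List[Dict[str, Any]]:
    return fetch(f"/environments/{env_id}/applications/{app_id}/policies", {})["data"]  # assumed path


def export_policy(fetch: Fetch, env_id: str, policy_id: str) -> Dict[str, Any]:
    return fetch(f"/environments/{env_id}/policies/{policy_id}/export", {})  # assumed path


def get_admin_audit_events(fetch: Fetch, env_id: str, resource_id: str, since: datetime) -> List[Dict[str, Any]]:
    # filter[resourceId][like] is named on the page; the timestamp filter and the path are
    # assumptions. Results are re-checked locally so a transport that ignores the filters
    # cannot hide a modification from the reviewer.
    params = {"filter[resourceId][like]": resource_id, "filter[timestamp][gte]": since.isoformat()}
    events = fetch(f"/environments/{env_id}/audit/administration", params)["data"]
    return [e for e in events
            if resource_id in e["resourceId"] and datetime.fromisoformat(e["timestamp"]) >= since]


def build_certification_worklist(fetch: Fetch, env_id: str, last_certified: datetime) -> Dict[str, Dict[str, List[PolicyItem]]]:
    """Return {application_id: {"access": [...], "restrictive": [...]}} with each policy's
    export and the audit events for the policy itself and the Dynamic Groups it uses."""
    worklist: Dict[str, Dict[str, List[PolicyItem]]] = {}
    for app in get_environment_applications(fetch, env_id):
        groups: Dict[str, List[PolicyItem]] = {"access": [], "restrictive": []}
        for p in get_application_policies(fetch, env_id, app["id"]):
            export = export_policy(fetch, env_id, p["id"])
            # A policy counts as changed if it or any building block it references was modified.
            watched = [p["id"]] + [g["id"] for g in export.get("dynamicGroups", [])]
            changes = [e for rid in watched for e in get_admin_audit_events(fetch, env_id, rid, last_certified)]
            groups[p["accessType"]].append(PolicyItem(p["id"], p["name"], p["accessType"], p["state"], export, changes))
        worklist[app["id"]] = groups
    return worklist


def policies_needing_attention(worklist: Dict[str, Dict[str, List[PolicyItem]]]) -> List[str]:
    """Policy IDs whose definition or building blocks changed since the last certification."""
    return sorted(i.policy_id for groups in worklist.values() for items in groups.values() for i in items if i.changes)


# --- Constructed sample responses standing in for the APIs (not real output) ---
SAMPLE: Dict[str, Any] = {
    "/environments/env-1/applications": {"data": [
        {"id": "app-1", "name": "Payments", "clientId": "client-abc",
         "authorizationWorkspaceId": "ws-1", "authorizationWorkspaceName": "Prod"}]},
    "/environments/env-1/applications/app-1/policies": {"data": [
        {"id": "pol-1", "name": "Allow tellers", "accessType": "access", "state": "active"},
        {"id": "pol-2", "name": "Allow auditors", "accessType": "access", "state": "active"},
        {"id": "pol-3", "name": "Block after hours", "accessType": "restrictive", "state": "active"}]},
    "/environments/env-1/policies/pol-1/export": {"id": "pol-1", "accessType": "access", "dynamicGroups": [{"id": "dg-1"}]},
    "/environments/env-1/policies/pol-2/export": {"id": "pol-2", "accessType": "access", "dynamicGroups": [{"id": "dg-1"}]},
    "/environments/env-1/policies/pol-3/export": {"id": "pol-3", "accessType": "restrictive", "dynamicGroups": [{"id": "dg-7"}]},
    "/environments/env-1/audit/administration": {"data": [
        {"resourceId": "pol-1", "timestamp": "2024-03-02T10:00:00+00:00", "action": "POLICY_UPDATED"},
        {"resourceId": "pol-2", "timestamp": "2023-11-01T09:00:00+00:00", "action": "POLICY_CREATED"},
        {"resourceId": "dg-7", "timestamp": "2024-03-05T12:00:00+00:00", "action": "DYNAMIC_GROUP_UPDATED"}]},
}
LAST_CERTIFIED = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed last certification date


def sample_fetch(path: str, params: Dict[str, str]) -> Any:
    body = SAMPLE[path]
    if path.endswith("/audit/administration"):  # emulate the server-side filters
        needle, since = params["filter[resourceId][like]"], datetime.fromisoformat(params["filter[timestamp][gte]"])
        return {"data": [e for e in body["data"]
                         if needle in e["resourceId"] and datetime.fromisoformat(e["timestamp"]) >= since]}
    return body


def run_sample() -> Dict[str, Dict[str, List[PolicyItem]]]:
    return build_certification_worklist(sample_fetch, "env-1", LAST_CERTIFIED)


if __name__ == "__main__":
    print(policies_needing_attention(run_sample()))  # ['pol-1', 'pol-3']
```

In the sample, `pol-1` is flagged because the Policy itself was updated after the last certification date, `pol-3` because one of its Dynamic Groups changed, and `pol-2` is not flagged because its only audit event predates the certification window. Querying the audit trail per Building Block ID as well as per Policy ID is what catches the second case, which a filter on the Policy ID alone would miss.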