SAP Policy Management, group insurance add-on 1.1

Similar documents
Security Information for SAP Asset Strategy and Performance Management

Data Protection and Privacy for Fraud Watch

Business Add-Ins (BAdIs) for SD Jam Integration Document Version:

Security Information for SAP Asset Strategy and Performance Management

Quality Inspection Engine (QIE) Security Guide

SAP Business One Upgrade Strategy Overview

Visual Business Configuration with SAP TM

SAP Business One Upgrade Strategy Overview

What's New in SAP Landscape Transformation Replication Server 2.0 SP15

What's New in SAP Landscape Transformation Replication Server 2.0 SP13

SAP Business One Hardware Requirements Guide

SAP Workforce Performance Builder 9.5

Automated Java System Post-Copy Configuration Using SAP Landscape Management 3.0, Enterprise Edition

SAP Enable Now. Desktop Components (Cloud Edition)

SAP Business One Hardware Requirements Guide

How To Protect your Intellectual Property

Standalone Retrofit. Required Steps when Upgrading to SAP Solution Manager 7.2, SP03

SAP Business One Hardware Requirements Guide

Quick Guide to Implementing SAP Predictive Analytics Content Adoption rapiddeployment

SAP Business One Hardware Requirements Guide

Access Control 5.3 Implementation Considerations for Superuser Privilege Management ID-Based Firefighting versus Role-Based Firefighting Applies to:

Security Guide SAP Sports One Document Version: CUSTOMER. SAP Sports One

SAP Policy Management 5.4

SAP NetWeaver Master Data Management

Development Information Document Version: CUSTOMER. ABAP for Key Users

Deleting SAP HANA Delivery Units and Products

Software and Delivery Requirements

Trigger-Based Data Replication Using SAP Landscape Transformation Replication Server

SAP Landscape Transformation for SAP HANA (HA1)

Configuring the SAP Cryptolibrary on the ABAP Application Server

Server Extension User s Guide SAP BusinessObjects Planning and Consolidation 10.0, version for the Microsoft platform

SAP Branch Agreement Origination V3.703: Software and Delivery Requirements

SAP Landscape Transformation Replication Server

Security Guide SAP Sports One Document Version: CUSTOMER. SAP Sports One

HA215 SAP HANA Monitoring and Performance Analysis

Authentication of a WS Client Using a SAP Logon Ticket

How to Work with Analytical Portal

SAP Workforce Performance Builder

Feature Scope Description Document Version: CUSTOMER. SAP Analytics Hub. Software version 17.09

SAP Mobile Secure Rapiddeployment. Software Requirements

How To Set up NWDI for Creating Handheld Applications in SAP NetWeaver Mobile 7.1

Visual Structure Manager Administration Guide

SAP Business One, version for SAP HANA Platform Support Matrix

SLT100. Real Time Replication with SAP LT Replication Server COURSE OUTLINE. Course Version: 13 Course Duration: 3 Day(s)

How To... Configure Integrated Configurations in the Advanced Adapter Engine

BC403 Advanced ABAP Debugging

ADM960. SAP NetWeaver Application Server Security COURSE OUTLINE. Course Version: 10 Course Duration: 5 Day(s)

SAP NetWeaver How-To Guide

How to Set Up and Use Electronic Tax Reporting

SAP Workforce Performance Builder 9.5

Setting Up an Environment for Testing Applications in a Federated Portal Network

SAP Composite Application Framework. Creating an External Service type Callable Object in Guided Procedures

SAP ME Build Tool 6.1

Simplified Configuration of Single System Update in Maintenance Optimizer

How to Set Up Data Sources for Crystal Reports Layouts in SAP Business One, Version for SAP HANA

SAP NetWeaver 04 Security Guide. Network and Communication Security

Configuring Client Keystore for Web Services

HA240 SAP HANA 2.0 SPS02

Forwarding Alerts to Alert Management (ALM)

SAP NetWeaver How-To Guide

ADM960. SAP NetWeaver Application Server Security COURSE OUTLINE. Course Version: 15 Course Duration: 5 Day

SAP HANA Authorization (HA2)

SAP EarlyWatch Alert. SAP HANA Deployment Best Practices Active Global Support, SAP AG 2015

INTERNAL USE ONLY SAP BusinessObjects EPM Add-in for Microsoft Office Support Package 17 / Patch XX Installation Procedure

How To...Configure Integration of CUP with SPM

How To Recover Login Module Stack when login to NWA or Visual Administrator is impossible

BC414. Programming Database Updates COURSE OUTLINE. Course Version: 15 Course Duration: 2 Day(s)

SAP NetWeaver 04 Security Guide. Operating System Security: SAP System Security Under Windows

opensap How-to Guide for Exercise Instructor-Led Walkthrough of SAML2 Configuration (Week 4 Unit 5)

Partition Wizard User s Guide SAP BusinessObjects Planning and Consolidation 10.0, version for the Microsoft platform

HA240 Authorization, Security and Scenarios

Hybris Marketing Web Tracking

ADM110. Installing and Patching SAP S/4HANA and SAP Business Suite Systems COURSE OUTLINE. Course Version: 17 Course Duration: 4 Day(s)

Integrating a Web Service in a Composite Application. SAP Composite Application Framework

HA215 SAP HANA Monitoring and Performance Analysis

ADM110. Installing and Patching SAP S/4HANA and SAP Business Suite Systems COURSE OUTLINE. Course Version: 18 Course Duration: 4 Day(s)

BC405 Programming ABAP Reports

How To... Promote Reports and Input Schedules Through Your System Landscape

How To Generate XSD Schemas from Existing MDM Repositories

BOD410 SAP Lumira 2.0 Designer

JCo 3.0 in Web Channel 7.54

How To... Reuse Business Objects and Override Operations of a Business Object

HA400 ABAP Programming for SAP HANA

S4H01. Introduction to SAP S/4HANA COURSE OUTLINE. Course Version: 04 Course Duration: 2 Day(s)

How to Package and Deploy SAP Business One Extensions for Lightweight Deployment

ADM505. Oracle Database Administration COURSE OUTLINE. Course Version: 15 Course Duration: 3 Day(s)

Installation Guide Plant Connectivity 2.3

CLD100. Cloud for SAP COURSE OUTLINE. Course Version: 16 Course Duration: 2 Day(s)

D75AW. Delta ABAP Workbench SAP NetWeaver 7.0 to SAP NetWeaver 7.51 COURSE OUTLINE. Course Version: 18 Course Duration:

How To...Use a Debugging Script to Easily Create a Test Environment for a SQL-Script Planning Function in PAK

How to Install SAP Netweaver 2004s ABAP Edition on Your Local PC

C4C30. SAP Cloud Applications Studio COURSE OUTLINE. Course Version: 21 Course Duration: 4 Day(s)

HA301. SAP HANA 2.0 SPS03 - Advanced Modeling COURSE OUTLINE. Course Version: 15 Course Duration:

SAP - How-To Guide MDG Custom Object Data Replication How to Configure Data Replication for MDG Custom Objects (Flex Option)

UX402 SAP SAPUI5 Development

How To... Master Data Governance for Material: BADI USMD_SSW_SYSTEM_METHOD_CALLER to create successor change request

SAP NetWeaver How-To Guide. SAP NetWeaver Gateway Virtualization Guide

Certification Suite BC-ILM 3.0

Web Dynpro for ABAP: Tutorial 5 Component and Application Configuration

How To... Master Data Governance for Material: File Down- and Upload

Transcription:

Security Guide Document Version: 1.1 2017-05-03 1.1

Typographic Conventions Type Style Example Description Words or characters quoted from the screen. These include field names, screen titles, pushbuttons labels, menu names, menu paths, and menu options. Textual cross-references to other documents. Example EXAMPLE Example Example <Example> Emphasized words or expressions. Technical names of system objects. These include report names, program names, transaction codes, table names, and key concepts of a programming language when they are surrounded by body text, for example, SELECT and INCLUDE. Output on the screen. This includes file and directory names and their paths, messages, names of variables and parameters, source text, and names of installation, upgrade and database tools. Exact user entry. These are words or characters that you enter in the system exactly as they appear in the documentation. Variable user entry. Angle brackets indicate that you replace these words and characters with appropriate entries to make entries in the system. EXAM PLE Keys on the keyboard, for example, F2 or EN TER. 2 2017 SAP AG or an SAP affiliate company. All rights reserved. Typographic Conventions

Document History Version Date Change 1.0 2017-04-28 First version of this guide 1.1 2017-05-03 Correction/clarification Document History Error! Unknown switch argument. 3

Table of Contents 1 Introduction... 5 2 Before You Start... 7 3 Technical System Landscape... 8 4 Security Aspects of Data, Data Flow and Processes... 9 5 User Administration and Authentication... 10 5.1 User Management... 10 5.2 Integration into Single Sign-On Environments... 10 6 Authorizations... 11 6.1 Authorization Objects... 12 7 Session Security Protection... 14 8 Network and Communication Security... 15 9 Application-Specific Virus Scan Profile (ABAP)... 16 10 Data Storage Security... 17 11 Data Protection... 18 11.1 Privacy and Data Protection... 19 12 Security-Relevant Logging and Tracing... 20 13 Dispensable Functions with Impacts on Security... 21 14 Services for Security Lifecycle Management... 22 4 2017 SAP AG or an SAP affiliate company. All rights reserved. Table of Contents

1 Introduction Caution This guide does not replace the administration or operation guides that are available for productive operations. Target Audience Technology consultants Security consultants System administrators This document is not included as part of the Installation Guides, Configuration Guides, Technical Operation Manuals, or Upgrade Guides. Such guides are only relevant for a certain phase of the software life cycle, whereas the Security Guides provide information that is relevant for all life cycle phases. Why Is Security Necessary? With the increasing use of distributed systems and the Internet for managing business data, the demands on security are also on the rise. When using a distributed system, you need to be sure that your data and processes support your business needs without allowing unauthorized access to critical information. User errors, negligence, or attempted manipulation of your system should not result in loss of information or processing time. These demands on security apply likewise to. To assist you in securing, we provide this Security Guide. About this Document The Security Guide provides an overview of the security-relevant information that applies to SAP Policy Management, group insurance add-on. It contains only security-relevant information specific to SAP Policy Management, group insurance add-on. As it is based on SAP Policy Management, for general and additional information, refer to the SAP Policy Management Security Guide. Caution Before you start, make sure that you have the latest version of this document. You can find the latest version on the Help Portal page for https://help.sap.com/viewer/p/sap_policy_management,_add-on_for_group_insurance. You can also find the latest guides for SAP Policy Management on the Help Portal https://help.sap.com/viewer/p/sap_policy_management. Introduction Error! Unknown switch argument. 5

Overview of the Main Sections The Security Guide comprises the following main sections: Before You Start This section contains information about why security is necessary, how to use this document, and references to other Security Guides that build the foundation for this Security Guide. Technical System Landscape This section provides an overview of the technical components and communication paths that are used by. Security Aspects of Data, Data Flow and Processes This section provides an overview of security aspects involved throughout the most widely-used processes within. User Administration and Authentication This section provides an overview of the following user administration and authentication aspects: o Recommended tools to use for user management o Overview of how integration into Single Sign-On environments is possible Authorizations This section provides an overview of the authorization concept that applies to SAP Policy Management, group insurance add-on. Session Security Protection This section provides information about activating secure session management, which prevents JavaScript or plug-ins from accessing the SAP logon ticket or security session cookie(s). Network and Communication Security This section provides an overview of the communication paths used by SAP Policy Management, group insurance add-on and the security mechanisms that apply. It also includes our recommendations for the network topology to restrict access at the network level. Application-Specific Virus Scan Profile (ABAP) This section provides an overview of the behavior of the AS ABAP when application-specific virus scan profiles are activated. Data Storage Security This section provides an overview of any critical data that is used by the SAP Policy Management, group insurance add-on and the security mechanisms that apply. Data Protection This section provides information about how protects personal or sensitive data. Security-Relevant Logging and Tracing This section provides an overview of the trace and log files that contain security-relevant information, for example, so you can reproduce activities if a security breach does occur. Services for Security Lifecycle Management This section provides an overview of services provided by Active Global Support that are available to assist you in maintaining security in your SAP systems on an ongoing basis. 6 2017 SAP AG or an SAP affiliate company. All rights reserved. Introduction

2 Before You Start Fundamental Security Guides The is an add-on to SAP Policy Management. Therefore, the corresponding Security Guides also apply to. Pay particular attention to the most relevant sections or specific restrictions as indicated in the table below. Fundamental Security Guides Component Security Guide SAP Policy Management 5.4 Security Guide Most Relevant Sections or Specific Restrictions Complete document plus all security guides referenced in the SAP Policy Management 5.4 Security Guide. https://help.sap.com/viewer/p/sap_policy_managemen T For a complete list of the available SAP Security Guides, see SAP Service Marketplace at http://service.sap.com/securityguide. Important SAP Notes For a list of security-relevant SAP Hot News and SAP Notes, see https://support.sap.com/securitynotes. Additional Information For more information about specific topics, see the Quick Links as shown in the table below. Content Security Security Guides Related SAP Notes Released platforms Network security SAP Solution Manager SAP NetWeaver Quick Link on SAP Service Marketplace or SCN http://scn.sap.com/community/security http://service.sap.com/securityguide https://support.sap.com/notes https://support.sap.com/securitynotes https://support.sap.com/release-upgrademaintenance/pam.html http://service.sap.com/securityguide https://support.sap.com/solutionmanager http://scn.sap.com/community/netweaver Before You Start Error! Unknown switch argument. 7

3 Technical System Landscape Use For information about the technical system landscape, see the resources listed in the table below. Topic Guide/Tool Quick Link on SAP Service Marketplace or SCN Technical description for SAP for Insurance and the underlying components such as SAP NetWeaver High availability Technical landscape design Security Master Guide See applicable documents See applicable documents See applicable documents https://help.sap.com/viewer/p/sap_policy_managemen T https://www.sap.com/community.html https://archive.sap.com/documents/docs/doc-8140 https://www.sap.com/community/topic/security.html 8 2017 SAP AG or an SAP affiliate company. All rights reserved. Technical System Landscape

4 Security Aspects of Data, Data Flow and Processes There are no specific security aspects for. Security Aspects of Data, Data Flow and Processes Error! Unknown switch argument. 9

5 User Administration and Authentication uses the user management and authentication mechanisms provided with the SAP NetWeaver platform, specifically the SAP NetWeaver Application Server ABAP. Therefore, the security recommendations and guidelines for user administration and authentication as described in the SAP NetWeaver Application Server ABAP Security Guide also apply to SAP Policy Management, group insurance addon. In addition to these guidelines, we include information about user administration and authentication that specifically applies to in the following topics: User Management [Page 10] This topic lists the tools to use for user management, the types of users required, and the standard users that are delivered with. Integration into Single Sign-On Environments [Page 10] This topic describes how supports Single Sign-On mechanisms. 5.1 User Management Use User management for uses the mechanisms provided with the SAP NetWeaver Application Server ABAP, for example, tools, user types, and password policies. 5.2 Integration into Single Sign-On Environments Use supports the Single Sign-On (SSO) mechanisms provided by SAP NetWeaver. Therefore, the security recommendations and guidelines for user administration and authentication as described in the SAP NetWeaver Security Guide also apply to SAP Policy Management, group insurance add-on. For more information about the available authentication mechanisms, see User Authentication and Single Sign- On in the SAP NetWeaver Library. 10 2017 SAP AG or an SAP affiliate company. All rights reserved. User Administration and Authentication

6 Authorizations Use uses the authorization concept provided by the SAP NetWeaver AS ABAP or AS Java. Therefore, the recommendations and guidelines for authorizations as described in the SAP NetWeaver AS Security Guide ABAP also apply to. The SAP NetWeaver authorization concept is based on assigning authorizations to users based on roles. For role maintenance, use the profile generator (transaction PFCG) on the AS ABAP and the User Management Engine s user administration console on the AS Java. Note For more information about how to create roles, see Role Administration in the SAP NetWeaver Security Guide in the SAP Help Portal https://help.sap.com/. Role and Authorization Concept for SAP Policy Management, group insurance add-on A specific authorization check using an authorization object is integrated into all existing master policy business processes to restrict usage based on the authorization criteria. This authorization object is configurable for specific lines of business. In SU21, the object class /PMG and the authorization object /PMG/MPO are available. The authorization /PMG/MPGRP field has been created using the report RSU20_NEW. Authorizations Error! Unknown switch argument. 11

The Authorization group attribute (AUGRP_ID) has been added to the Master Policy In-Force Business Configurator. It is available at the root entity templates. The attribute (AUGRP_ID) has a linked value table from which the possible values are displayed. This table is available in Customizing. You can customize the available authorization groups. In Customizing for Policy Management, choose Policy Management Group Enhancement Basis Master Policy Management Define Master Policy Authorization Groups. 6.1 Authorization Objects 6.1.1.1 Standard Authorization Objects The table below shows the specific security-relevant authorization objects that are used by SAP Policy Management, group insurance add-on. Standard Authorization Objects Authorization Object Field Value Description /PMG/MPO /PMG/MPGRP Authorization Object for Master Policy Business Process 6.1.1.2 Master Policy Authorization object A new authorization check using an authorization object is integrated into all existing Master Policy business processes to restrict usage based on the authorization criteria. This authorization object is configurable for specific LoBs. In SU21, a new object class /PMG has been created and a new authorization object /PMG/MPO has been added. A new authorization /PMG/MPGRP field has been created using the report RSU20_NEW. 12 2017 SAP AG or an SAP affiliate company. All rights reserved. Authorizations

Master Policy IBC Configuration: A new Authorization group attribute (AUGRP_ID) is added to the Master Policy IBC. This will be available at the root entity templates. Customizing: The attribute (AUGRP_ID) will have a linked value table from which the possible values will be displayed. This table will be available in the SPRO as a new node from where the customer can customize the available Authorization groups. In Customizing for Policy Management, choose Policy Management Group Enhancement Basis Master Policy Management Define Master Policy Authorization Groups Authorizations Error! Unknown switch argument. 13

7 Session Security Protection To increase security and prevent access to the SAP logon ticket and security session cookie(s), we recommend activating secure session management. We also highly recommend using SSL to protect the network communications where these security-relevant cookies are transferred. Session Security Protection on the AS ABAP To activate session security on the AS ABAP, set the corresponding profile parameters and activate the session security for the client(s) using the transaction SICF_SESSIONS. For more information, a list of the relevant profile parameters, and detailed instructions, see Activating HTTP Security Session Management on AS ABAP in the AS ABAP security documentation. Session Security Protection on the AS Java On the AS Java, set the HTTP Provider properties as described in Session Security Protection. 14 2017 SAP AG or an SAP affiliate company. All rights reserved. Session Security Protection

8 Network and Communication Security Your network infrastructure is extremely important in protecting your system. Your network needs to support the communication necessary for your business needs without allowing unauthorized access. A well-defined network topology can eliminate many security threats based on software flaws (at both the operating system level and application level) or network attacks such as eavesdropping. If users cannot log on to your application or database servers at the operating system or database layer, then there is no way for intruders to compromise the machines and gain access to the backend system s database or files. Additionally, if users are not able to connect to the server LAN (local area network), they cannot exploit well-known bugs and security holes in network services on the server machines. The network topology for is based on the topology used by the SAP NetWeaver platform. Therefore, the security guidelines and recommendations described in the SAP NetWeaver Security Guide also apply to. For more information, see the following sections in the SAP NetWeaver Security Guide in the SAP Help Portal https://help.sap.com/ Network and Communication Security Security Guides for Connectivity and Interoperability Technologies Network and Communication Security Error! Unknown switch argument. 15

9 Application-Specific Virus Scan Profile (ABAP) SAP provides an interface for virus scanners to prevent manipulated or malicious files from damaging the system. To manage the interface and what file types are checked or blocked, there are virus scan profiles. Different applications rely on default profiles or application-specific profiles. To use a virus scanner with the SAP system, you must activate and set up the virus scan interface. During this process, you also set up the default behavior. SAP also provides default profiles. For more information, see SAP Virus Scan Interface and SAP Note 1693981 (Unauthorized modification of displayed content). 16 2017 SAP AG or an SAP affiliate company. All rights reserved. Application-Specific Virus Scan Profile (ABAP)

10 Data Storage Security Use provides no specific data storage security aspects. Activating the Validation of Logical Path and File Names These logical paths and file names, as well as any subdirectories, are specified in the system for the corresponding programs. For downward compatibility, the validation at runtime is deactivated by default. To activate the validation at runtime, maintain the physical path using the transactions FILE (client-independent) and SF01 (client-specific). To find out which paths are being used by your system, you can activate the corresponding settings in the Security Audit Log. For more information, see: Logical File Names Protecting Access to the File System Security Audit Log Data Storage Security Error! Unknown switch argument. 17

11 Data Protection Data protection is associated with numerous legal requirements and privacy concerns. In addition to compliance with general data privacy acts, it is necessary to consider compliance with industry-specific legislation in different countries. This section describes the specific features and functions that SAP provides to support compliance with the relevant legal requirements and data privacy. This section and any other sections in this Security Guide do not give any advice on whether these features and functions are the best method to support company, industry, regional or country-specific requirements. Furthermore, this guide does not give any advice or recommendations with regard to additional features that would be required in a particular environment; decisions related to data protection must be made on a case-bycase basis and under consideration of the given system landscape and the applicable legal requirements. Note In the majority of cases, compliance with data privacy laws is not a product feature. SAP software supports data privacy by providing security features and specific data-protection-relevant functions such as functions for the simplified blocking and deletion of personal data. SAP does not provide legal advice in any form. The definitions and other terms used in this guide are not taken from any given legal source. Glossary Term Personal data Business purpose Blocking Deletion Retention period End of purpose (EoP) Definition Information about an identified or identifiable natural person. A legal, contractual, or in other form justified reason for the processing of personal data. The assumption is that any purpose has an end that is usually already defined when the purpose starts. A method of restricting access to data for which the primary business purpose has ended. Deletion of personal data so that the data is no longer usable. The time period during which data must be available. A method of identifying the point in time for a data set when the processing of personal data is no longer required for the primary business purpose. After the EoP has been reached, the data is blocked and can only be accessed by users with special authorization. Some basic requirements that support data protection are often referred to as technical and organizational measures (TOM). The following topics are related to data protection and require appropriate TOMs: Access control: Authentication features as described in section User Administration and Authentication [Page 10]. Authorizations: Authorization concept as described in section Authorizations [Page 11]. Transmission control / Communication security: as described in section Network and Communication Security [Page 15] and Security Aspects of Data, Data Flow and Processes [Page 9]. 18 2017 SAP AG or an SAP affiliate company. All rights reserved. Data Protection

Availability control as described in: o Section Data Storage Security [Page 17] o SAP NetWeaver Database Administration documentation on the SAP Help Portal https://help.sap.com/ o SAP Business Continuity documentation in the SAP NetWeaver Application Help under Function-Oriented View Solution Life Cycle Management SAP Business Continuity Separation by purpose: Is subject to the organizational model implemented and must be applied as part of the authorization concept. Caution The extent to which data protection is ensured depends on secure system operation. Network security, security note implementation, adequate logging of system changes, and appropriate usage of the system are the basic technical requirements for compliance with data privacy legislation and other legislation. Configuration of Data Protection Functions Certain central functions that support data protection compliance are grouped in Customizing for Cross- Application Components under Data Protection. Additional industry-specific, scenario-specific or application-specific configuration might be required. For information about the application-specific configuration, see the application-specific Customizing in SPRO. 11.1 Privacy and Data Protection No personal or sensitive data is stored. Data Protection Error! Unknown switch argument. 19

12 Security-Relevant Logging and Tracing Use There is no security-relevant logging and tracing specific to. 20 2017 SAP AG or an SAP affiliate company. All rights reserved. Security-Relevant Logging and Tracing

13 Dispensable Functions with Impacts on Security No dispensable functions were developed. Dispensable Functions with Impacts on Security Error! Unknown switch argument. 21

14 Services for Security Lifecycle Management The following services are available from Active Global Support to assist you in maintaining security in your SAP systems on an ongoing basis. Security Chapter in the EarlyWatch Alert (EWA) Report This service regularly monitors the Security chapter in the EarlyWatch Alert report of your system. It tells you: Whether SAP Security Notes have been identified as missing on your system. In this case, analyze and implement the identified SAP Notes if possible. If you cannot implement the SAP Notes, the report should be able to help you decide on how to handle the individual cases. Whether an accumulation of critical basis authorizations has been identified. In this case, verify whether the accumulation of critical basis authorizations is okay for your system. If not, correct the situation. If you consider the situation okay, you should still check for any significant changes compared to former EWA reports. Whether standard users with default passwords have been identified on your system. In this case, change the corresponding passwords to non-default values. Security Optimization Service (SOS) The Security Optimization Service can be used for a more thorough security analysis of your system, including: Critical authorizations in detail Security-relevant configuration parameters Critical users Missing security patches This service is available as a self-service within SAP Solution Manager, as a remote service, or as an on-site service. We recommend you use it regularly (for example, once a year) and particularly after significant system changes or in preparation for a system audit. Security Configuration Validation The Security Configuration Validation can be used to continuously monitor a system landscape for compliance with predefined settings, for example, from your company-specific SAP Security Policy. This primarily covers configuration parameters, but it also covers critical security properties like the existence of a non-trivial Gateway configuration or making sure standard users do not have default passwords. 22 2017 SAP AG or an SAP affiliate company. All rights reserved. Services for Security Lifecycle Management

Security in the RunSAP Methodology / Secure Operations Standard With the E2E Solution Operations Standard Security service, a best practice recommendation is available on how to operate SAP systems and landscapes in a secure manner. It guides you through the most important security operation areas and links to detailed security information from SAP s knowledge base wherever appropriate. More Information For more information about these services, see: EarlyWatch Alert: https://support.sap.com/support-programs-services/services/earlywatch-alert.html Security Optimization Service / Security Notes Report: https://support.sap.com/sos Comprehensive list of Security Notes: https://support.sap.com/securitynotes Configuration Validation: http://service.sap.com/changecontrol RunSAP Roadmap, including the Security and the Secure Operations Standard: https://support.sap.com/support-programs-services/methodologies/implement-sap.html Services for Security Lifecycle Management Error! Unknown switch argument. 23

www.sap.com/contactsap 2017 SAP AG or an SAP affiliate company. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. National product specifications may vary. These materials are provided by SAP AG and its affiliated companies ( SAP Group ) for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty. SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries. Please see www.sap.com/corporate-en/legal/copyright/index.epx#trademark for additional trademark information and notices. Material Number: NA

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback