Risk "False/Positive" in rule set
We use VIRSA Compliance Calibrator 4.0 to monitor segregation of
duties, and we want to upgrade the version, and currently we are testing
GRC AC ARA 10.0.
The problem is that we have the same rule set in both versions
(exactly), but in GRC 10.0 the reports show us different results.
We don't know what the reason is; we are trying to investigate if we
did something wrong. But the "false/positive" risk that ARA is showing
appears when we run the report at permission and action level.
Could you tell us if we forgot to update some parameter? This situation
happens for users and roles (simple, composite and derived).