Access restrictions for configuration management.
Versioning and operational control:From a security perspective, the version system previously described establishes Base Line Configurations (NIST CM 2) access restrictions for configuration management (NI5T CM 5 and 6) to deliver controlled maintenance (NIST CM 8) and Development Configuration Management (NIST SA 10). The Bot Creator does check-in, check-outs into the Control Room-based VisualSVN system. The Control Room enforces version control as bots are deployed to Bot Runners. The version system in the Control Room maintains a common bot baseline, with detailed configuration logs, and rollback capability. This is commonly used for access restrictions to the Bot Repository for change control and restricting the Least Privileges for operational control.
Baseline inventory controls for Bot Creators, Bot Runners and bots
The Control Room provides a single-pane-of-glass on all automation operations and infrastructure, providing a way to baseline the configuration of the environment. Inventory controls are maintained through the application of RBAC and the use of the Bot Repository, Operations Room, and License Management to establish a single point of control for Base Line Configurations (NIST CM 2) access restrictions for configuration management (NI5T CM 5 and 6). Configure automated baseline reporting using the auditing and reporting systems in the Control Room.
Change control and documentation RBAC
The Control Room RBAC provides a point of access control and management for all changes to the Control Room, Credential Vault, Bot Creators, bots, and Bot Runners with an automated mechanism to prohibit changes and report on any attempts to make unauthorized changes. The logging and auditing system on the Control Room provides the reporting mechanism for change management to conform to best practices as described in NIST CM-3 through 5.
Software usage and license management
The Control Room provides an automated mechanism for tracking and controlling the use of licensed software across Bot Creators and Bot Runners, addressing NIST Change Management CM 10.
Dual authorization change management
Separation of duties is implemented at multiple levels. Dual authorization is achieved through separation of control planes for the Bot Creators and Bot Runners. Only bots created by an authorized Bot Creator can be executed by a separately authorized Bot Runner and only by a user who has been given the privileges to do so by an administrator.