Systems and processes for managing policy change in a distributed enterprise
First Claim
1. A method for managing system policies in a distributed enterprise, the method comprising:
receiving a systems policy change request to change a systems policy that implements a published enterprise policy in the distributed enterprise, wherein the published enterprise policy comprises:
defined boundaries of allowable password constructions;
defined boundaries of password retention duration;
a definition of allowed application program licenses;
defined boundaries of anti-virus software configuration and operation; and
defined boundaries of privileged and entitled access permissions to resources in the distributed enterprise; and
wherein the systems policy presents a mechanism for implementing the published enterprise policy into enforceable system and user configurations;
determining whether the requested systems policy change complies with the published enterprise policy and is not rendered unnecessary by another systems policy in the distributed enterprise; and
updating the systems policy according to the requested systems policy change if the requested system policy change complies with the published enterprise policy and is not rendered unnecessary by another systems policy in the distributed enterprise, wherein the systems policy is stored in a memory.
Abstract
A method for managing changes to policies in an enterprise includes receiving a systems policy change request to change a systems policy that implements a published enterprise policy, determining whether the requested systems policy change complies with the published enterprise policy, and updating the systems policy according to the requested systems policy change if the requested systems policy change complies with the published enterprise policy. A system for managing policies in an enterprise includes a policy management module configured for receiving published policies and generating corresponding systems policies having data for implementing the published policies, and a policy library storing the published policies and the systems policies.
19 Claims
12. One or more computer storage media having computer-executable instructions that, when executed, cause a computer to perform a process comprising:
receiving one or more published policies setting forth enterprise guidelines in a distributed enterprise, wherein the enterprise guidelines of the one or more published policies comprise:
defined boundaries of allowable password constructions;
defined boundaries of password retention duration;
a definition of allowed application program licenses;
defined boundaries of anti-virus software configuration and operation;
defined boundaries on secure access configurations; and
defined boundaries of privileged and entitled access permissions; and
for each published policy, generating one or more corresponding systems policies containing configuration settings for implementing the published policy, wherein the one or more corresponding systems policies present a mechanism for implementing the one or more published policies into enforceable system and user configurations in the distributed enterprise;
applying the one or more systems policies to an entity in the distributed enterprise;
receiving a policy change request requesting to change a systems policy;
identifying when:
the policy change request does not violate a published policy;
the policy change request is rendered unnecessary by another systems policy; and
another systems policy is rendered obsolete by implementing the policy change request; and
processing the policy change request based on the identifying, the processing comprising:
implementing the requested change to the systems policy when the requested change does not violate a published policy and the requested change is not rendered unnecessary by another systems policy.
17. A system for managing policies in an enterprise, the system comprising:
a policy management module configured for creating a reference between a published policy and a corresponding systems policy having data for implementing the published policy, wherein the policy management module is further configured to:
identify when the corresponding systems policy conflicts with the published policy;
identify when the corresponding systems policy is rendered unnecessary by another systems policy; and
identify when another systems policy is rendered obsolete by the corresponding systems policy; and
a policy library storing the published policy and the systems policy, and wherein the published policy comprises:
defined boundaries of allowable password constructions;
defined boundaries of password retention duration;
a definition of allowed application program licenses;
defined boundaries of anti-virus software configuration and operation; and
defined boundaries of privileged and entitled access permissions to resources in the enterprise; and
wherein the systems policy presents a mechanism for implementing the published policy into enforceable system and user configurations.
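The three determinations recited in claims 12 and 17 (conflict with the published policy, rendered unnecessary by another systems policy, another systems policy rendered obsolete) can be sketched as a change-request gate. This is an added illustration, not code from the patent or its assignee. It assumes numeric published boundaries, OU-path scopes in which a parent scope applies to its children, and one reading of "unnecessary" and "obsolete" as "the same value is already enforced by a covering or covered policy"; all names and values are constructed.

```python
from dataclasses import dataclass, field

# Constructed published policy: allowed (low, high) boundary per setting.
PUBLISHED = {"password_min_length": (12, 64), "password_max_age_days": (1, 90)}

@dataclass
class SystemsPolicy:
    name: str
    scope: str                       # hypothetical OU path, e.g. "corp/eng"
    settings: dict = field(default_factory=dict)

def covers(outer, inner):
    """True if scope `outer` applies to everything inside scope `inner`."""
    return inner == outer or inner.startswith(outer + "/")

def review_change(library, target_name, setting, value, published=PUBLISHED):
    """Evaluate a change request; apply it only if compliant and necessary."""
    target = next(p for p in library if p.name == target_name)
    result = {"complies": False, "unnecessary_due_to": [],
              "obsoletes": [], "applied": False}
    bounds = published.get(setting)
    # Fail closed: a setting with no published boundary is rejected.
    if bounds is None or not (bounds[0] <= value <= bounds[1]):
        return result
    result["complies"] = True
    for other in library:
        if other is target or other.settings.get(setting) != value:
            continue
        if covers(other.scope, target.scope):
            # A covering policy already enforces this value on the target scope.
            result["unnecessary_due_to"].append(other.name)
        elif covers(target.scope, other.scope):
            # After the change, the narrower policy only repeats the target.
            result["obsoletes"].append(other.name)
    if not result["unnecessary_due_to"]:
        target.settings[setting] = value
        result["applied"] = True
    return result

def demo_library():
    """Constructed policy library used to exercise the gate."""
    return [
        SystemsPolicy("corp-baseline", "corp", {"password_min_length": 14}),
        SystemsPolicy("eng-workstations", "corp/eng", {"password_min_length": 12}),
        SystemsPolicy("eng-build-hosts", "corp/eng/build", {"password_min_length": 16}),
    ]
```

Policies reported under `obsoletes` are only flagged, not deleted, so retiring them remains a separate reviewed change.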
Specification