ISSUE:
When a lost hardware token is unassigned from a user, the fact it is lost cannot be discerned after it is returned to the list of Unassigned Tokens. There is no easy way in the RSA Authentication Manager to differentiate between the unassigned tokens the organization can account for from the unassigned tokens that are lost/stolen.
ENHANCEMENT FOR AUDITING:
It would be beneficial if there were a field in the SecurID Tokens list where one could sort, or search on, to provide a quick list of lost tokens for auditing purposes. In addition, providing an optional field for an internal case #, and a date when the token was discovered/reported lost. Having the capability of running a Report that utilized those fields would be advantageous, as well.
IMPACT:
The organization could quickly provide a true account of all tokens they are responsible for when answering any inquiries and audits to which they are contractually held accountable.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.