Security Compliance for SAP RISE Solutions
S/4HANA and other ABAP systems provisioned by SAP for RISE customers are based on standard system builds. The builds include default settings to apply security by default based on hardening requirements and best practices. The settings are outlined in SAP Note 3250501 – Information on Mandatory Security Parameters & Hardening Requirements for ABAP systems in SAP Enterprise Cloud Services (ECS).
The requirements include recommended settings for security-relevant profile parameters, deleting unused clients, securing standard users, restricting access to password hashes, RFC gateway and message server hardening, deactivating critical ICF services, managing system and client change options, and applying transport layer security. There are over 120 specific requirements across 12 areas that customers must abide by to comply with SAP security standards for RISE solutions.
The Cybersecurity Extension for SAP (CES) performs automated gap assessments to ensure RISE solutions comply with SAP security requirements. The assessments are performed using Compliance Reporting accessed from the CES launchpad.
SAP RISE should be selected from the framework selection screen.
Once the framework is selected, you can select a target system from the available systems in your SAP RISE landscape and click on Execute.
The results are summarized for each requirement and an overall compliance score is calculated for the system.
You can drilldown into each requirement to navigate the detailed findings.
You can click on the > icon for each finding to view further information and create an action plan to manage the remediation of compliance issues.
The report filters can be used to focus on specific requirements or results. For example, you can suppress compliant areas to isolate compliance failures.
Shortcuts can be created and published to the Fiori launchpad for fast access to compliance results.
The shortcuts can be published as custom tiles to existing or new work groups.
Compliance reports can also be scheduled to run on regular intervals. The reports are automatically distributed in PDF or CSV to recipients by email during each run.
The Cybersecurity Extension for SAP is an SAP-certified addon for SAP Solution Manager and SAP Focused Run. An addon version for other SAP NetWeaver AS ABAP systems such as SAP GRC is expected in Q4 this year.