SAP Security Optimization Services Portfolio

SAP Security Optimization Service Portfolio ensures smooth operation of your SAP solution by taking action proactively, before severe security problems occur.

Best Practices

Keeping the security and availability of your SAP solution high is a tremendous value to your business. Analysis will:

Decrease the risk of a system intrusion
Ensure the confidentiality of your business data
Ensure the authenticity of your users
Substantially reduce the risk of costly downtime due to wrong user interaction

This SAP Security Optimization Services Portfolio topics:

Security Overview

This area is best if you are interested in general SAP Security Optimization Services and want an overview.

Security Topics Area

This area gives you an entry point into different topic areas such as “Security Patch Management” or “Security Configuration Analysis”.

Security Services, Tools and Information

provides you with an overview and links to further information on service offerings, including information and best practices, tools and self-services, remote and on-site service offerings, and more systematic engagement models.

Advisories

SAP Security Notes Advisory (May 2021)

Security Notes Webinar (May 2021)

How to register

Security Overview

Security Topics Area

Security Services, Tools and Information

Best practices-based security services

SAP enables its customers to protect their business processes through a comprehensive security portfolio turned into services. We take the security chapter of the EarlyWatch Alert as a starting point to offer detailed services mainly around the Security Optimization Service ant the Security Notes which are published on SAP Support Portal and shown in the application System Recommendations of the SAP Solution Manager.

Combining the results of these services with the existing Security Policy of the company we define the company's SAP Security Baseline. This document is then used do define Target Systems for the application Configuration Validation in the SAP Solution Manager. You can either use the cross-system BW reports of that application directly or you can pass results to another reporting infrastructure like a Management Dashboard within the SAP Solution Manager, to Business Objects, to GRC Process Control or any other reporting system.

References

Among others, following sources are used within the security services:

SAP Note 863362 - EarlyWatch Alert (EWA) report - Security chapter

Change Diagnostics

Configuration Validation

Security Audit Log

SIS264 Securing Remote Access within SAP NetWeaver AS ABAP

Protecting SAP Applications Against Common Attacks

Secure Configuration SAP NetWeaver Application Server ABAP

SAP Security Recommendations: Securing Remote Function Calls (RFC)

Governance, Risk, and Compliance — Access Control

Governance, Risk, and Compliance — Process Control

SAP NetWeaver Identity Management

Media Library

Title	Type	Changed
_SAP Security Notes Advisory	ZIP	2021-05
_Security Notes Webinar	PDF	2021-05
RFC Gateway and Message Server Security	PDF	2019-06
SAP CoE Security Services - Check Configuration & Authorization	PDF	2020-01
SAP CoE Security Services - Overview	PDF	2020-01
SAP CoE Security Services - Secure Operations Map	PDF	2020-01
SAP CoE Security Services - Security Patch Process	PDF	2019-07
SAP CoE Security Services - Security Baseline Template Version 1.9 (including ConfigVal Package version 1.9_CV-5)	ZIP	2018-08
SAP CoE Security Services - Security Baseline Template Version 2.2 (including ConfigVal and Dashboard Builder Package CV-4)	ZIP	2021-02
Security Baseline Template Version 2.2 Policies for FRUN	GitHub	2020-11
Arbeitspapier - SAP Security Patch Day (German)	PDF	2012-08
Working Paper - SAP Security Patch Day (English)	PDF	2012-08
Configuration Validation WIKI (current version see online version)	PDF	2016-04
EarlyWatch Alert Report - Security Chapter	PDF	2020-05
Factsheet Security Engagement	PDF	2017-10
HANA Security Remote Service Content	PDF	2016-10
RFC Security v1.2 (from 2004-2008)	PDF	2008-07
SAP Cloud Platform - Neo Environment - Security	PDF	2018-01
SEC204 – Live on Stage: Monthly Security Patch Webinar about System Recommendations on SAP Solution Manager 7.2	PDF	2016-11
SIS261 Cross-System Security Validation using SAP Solution Manager 7.1 (Exercises)	PDF	2014-11
SCI262 Cross-System Security Validation Using SAP Solution Manager 7.1	PDF	2014-11
SCI262 Cross-System Security Validation Using SAP Solution Manager 7.1 (Recording)	MP4	2014-11
SIS264 Securing Remote Access within SAP NetWeaver AS ABAP	PDF	2012-11
SOS: Get List of ALL Detected Users	PDF	2015-04
Security Optimization Self Service - Overview	PDF	2010-05
How to run the SOS on SAP Solution Manager 7.2	PDF	2020-12
Security Optimization Self-Service - Questionnaire	PDF	2013-02
Security Optimization Self-Service - Sample Report for ABAP	PDF	2020-05
Security Optimization Self-Service - Sample Report for HANA	PDF	2020-05
Security Optimization Self-Service - Sample Report for JAVA	PDF	2018-12
Security Optimization Service - ABAP Checks	PDF	2020-04
Security Optimization Service - HANA Checks	PDF	2020-04
Security Optimization Service - JAVA Checks	PDF	2020-04
Security Optimization Service - Summary	PDF	2010-05
Security Optimization Service - Watcher Guide	PPT	2010-06
Verify Users Authorization	PDF	2012-08

My Trust Center

Access SAP ONE Support Launchpad

Getting Started with Support

SAP Support during the Covid-19 crisis