SAP Security Optimization Service Portfolio ensures smooth operation of your SAP solution by taking action proactively, before severe security problems occur.
Keeping the security and availability of your SAP solution high is a tremendous value to your business. Analysis will:
This SAP Security Optimization Services Portfolio topics:
This area is best if you are interested in general SAP Security Optimization Services and want an overview.
This area gives you an entry point into different topic areas such as “Security Patch Management” or “Security Configuration Analysis”.
provides you with an overview and links to further information on service offerings, including information and best practices, tools and self-services, remote and on-site service offerings, and more systematic engagement models.
SAP enables its customers to protect their business processes through a comprehensive security portfolio turned into services. We take the security chapter of the EarlyWatch Alert as a starting point to offer detailed services mainly around the Security Optimization Service ant the Security Notes which are published on SAP Support Portal and shown in the application System Recommendations of the SAP Solution Manager.
Combining the results of these services with the existing Security Policy of the company we define the company's SAP Security Baseline. This document is then used do define Target Systems for the application Configuration Validation in the SAP Solution Manager. You can either use the cross-system BW reports of that application directly or you can pass results to another reporting infrastructure like a Management Dashboard within the SAP Solution Manager, to Business Objects, to GRC Process Control or any other reporting system.
Among others, following sources are used within the security services:
|_SAP Security Notes Advisory||ZIP||2021-05|
|_Security Notes Webinar||2021-05|
|RFC Gateway and Message Server Security||2019-06|
|SAP CoE Security Services - Check Configuration & Authorization||2020-01|
|SAP CoE Security Services - Overview||2020-01|
|SAP CoE Security Services - Secure Operations Map||2020-01|
|SAP CoE Security Services - Security Patch Process||2019-07|
|SAP CoE Security Services - Security Baseline Template Version 1.9 (including ConfigVal Package version 1.9_CV-5)||ZIP||2018-08|
|SAP CoE Security Services - Security Baseline Template Version 2.2 (including ConfigVal and Dashboard Builder Package CV-4)||ZIP||2021-02|
|Security Baseline Template Version 2.2 Policies for FRUN||GitHub||2020-11|
|Arbeitspapier - SAP Security Patch Day (German)||2012-08|
|Working Paper - SAP Security Patch Day (English)||2012-08|
|Configuration Validation WIKI (current version see online version)||2016-04|
|EarlyWatch Alert Report - Security Chapter||2020-05|
|Factsheet Security Engagement||2017-10|
|HANA Security Remote Service Content||2016-10|
|RFC Security v1.2 (from 2004-2008)||2008-07|
|SAP Cloud Platform - Neo Environment - Security||2018-01|
|SEC204 – Live on Stage: Monthly Security Patch Webinar about System Recommendations on SAP Solution Manager 7.2||2016-11|
|SIS261 Cross-System Security Validation using SAP Solution Manager 7.1 (Exercises)||2014-11|
|SCI262 Cross-System Security Validation Using SAP Solution Manager 7.1||2014-11|
|SCI262 Cross-System Security Validation Using SAP Solution Manager 7.1 (Recording)||MP4||2014-11|
|SIS264 Securing Remote Access within SAP NetWeaver AS ABAP||2012-11|
|SOS: Get List of ALL Detected Users||2015-04|
|Security Optimization Self Service - Overview||2010-05|
|How to run the SOS on SAP Solution Manager 7.2||2020-12|
|Security Optimization Self-Service - Questionnaire||2013-02|
|Security Optimization Self-Service - Sample Report for ABAP||2020-05|
|Security Optimization Self-Service - Sample Report for HANA||2020-05|
|Security Optimization Self-Service - Sample Report for JAVA||2018-12|
|Security Optimization Service - ABAP Checks||2020-04|
|Security Optimization Service - HANA Checks||2020-04|
|Security Optimization Service - JAVA Checks||2020-04|
|Security Optimization Service - Summary||2010-05|
|Security Optimization Service - Watcher Guide||PPT||2010-06|
|Verify Users Authorization||2012-08|