On this page
Automated Change Request Verification
Overview
Validate detected security policy changes against approved change requests to confirm accuracy, prevent unauthorized modifications, and support compliance.
Automated Change Request Verification guides you through using Verifier in SecureChange workflows to validate change requests after implementation.
Verification confirms whether requested access is fully implemented, partially implemented, or not implemented, and generates a visual ad hoc path analysis map that shows real-time routing and policy behavior from source to destination.
Why this matters
-
Ensure approved changes are implemented exactly as intended.
-
Validate post-implementation accuracy to support compliance and governance.
-
Compare deployed configurations against approved workflow intent.
Who this is for
-
Network engineers responsible for executing verification steps and validating rule implementation status.
-
Change managers responsible for overseeing workflow execution and approvals.
- Security operation managers responsible for reviewing verification accuracy for compliance.
-
Operational specialists driving workflow adoption and standardization across teams.
Key capabilities
Automated Change Request Verification leverages key features in SecureChange:
-
Access Request workflows to integrate verification into workflow execution.
-
Verifier to validate whether access is implemented or not.
Prerequisites
-
Successful completion of:
-
Infrastructure change management to enforce standardized processes for network access changes through automated workflows
-
Rule and group management to enforce standardized processes for rule and group changes through automated workflows.
-
Automated path identification and target selection to streamline security policy changes with automated path discovery and target selection.
-
Automated proactive risk assessment to assess the risk of security policy changes with automated analysis that identifies potential impact, violations, and exposures before deployment.
-
Step 1: Understand change request verification
The Change Request Verifier performs automated post-implementation validation for change requests.
The Verifier tool in SecureChange Workflows:
• Checks if access is fully implemented, partially implemented, or not implemented at all.
• Generates a visual ad-hoc path analysis map allowing operators to quickly view real-time routing and policy behaviour from source to destination.
Use SecureChange > Workflows to implement Verifier.
See Creating custom workflows.
Step 2: Integrate Verifier into Access Request workflow
Integrate Verifier into the relevant workflow step, typically after implementation. Configure it in the step properties.
Set workflow step mode & enable Verifier
Navigate to the correct workflow step where you want to implement verification, set the step mode and then enable the Verifier tool.
The verification flow must match your governance policy.
-
Set the step mode:
-
Auto: Runs Verifier automatically without user intervention.
-
Manual: Allows the step handler to review verification results before proceeding.
-
-
Based on the step mode you selected, enable Verifier and verification options:
-
Auto: Select Run Verifier
-
Manual: In the Access request field properties, select Automatically run Verifier after this step and Do not proceed to next step if not verified
-
When Verifier runs, the workflow behaves according to the selected mode. Status updates and verification results are visible in the SecureChange ticket and ticket history.
See:
Configuring Access request field
Step 3: Define workflow behavior for failed verification
Define how the workflow behaves when verification fails or remains incomplete, and the request still needs to move forward. For example, an object or service referenced in the request may not be supported by Tufin because of platform limitations.
Based on your governance policy, you can:
-
Block workflow progression when verification fails.
-
Allow override handling when the request must continue despite incomplete verification.
Failed verifications are captured in audit logs.
Was this helpful?
Thank you!
We’d love your feedback
We really appreciate your feedback
Send this page to a colleague