Documente Academic
Documente Profesional
Documente Cultură
Action Description
Add a policy from a template. See “Adding a new policy or policy template” on page 354.
Choose the template you want to At the Manage > Policies > Policy List > New Policy - Template List screen the
use. system lists all policy templates.
System-provided template categories:
■ See “US Regulatory Enforcement policy templates” on page 344.
■ See “UK and International Regulatory Enforcement policy templates” on page 346.
■ See “Customer and Employee Data Protection policy templates” on page 346.
■ See “Confidential or Classified Data Protection policy templates” on page 348.
■ See “Network Security Enforcement policy templates” on page 349.
■ See “Acceptable Use Enforcement policy templates” on page 349.
Imported Templates appear individually after import:
Note: See the Enterprise Vault Data Classification Services Implementation Guide
for information about Classification policy templates.
Click Next to configure the policy. For example, select the Webmail policy template and click Next.
Choose a Data Profile (if If the template relies on one or more Data Profiles, the system prompts you to
prompted). select each:
■ Exact Data Profile
See “Choosing an Exact Data Profile” on page 351.
■ Indexed Document Profile
See “Choosing an Indexed Document Profile” on page 352.
If you do not have a Data Profile, you can either:
■ Cancel the policy definition process, define the profile, and resume creating the
policy from the template.
■ Click Next to configure the policy.
On creation of the policy, the system drops any rules or exceptions that rely on
the Data Profile.
Action Description
Edit the policy name or If you intend to modify a system-defined template, you may want to change the
description (optional). name so you can distinguish it from the original.
Note: The Policy Label field is reserved for the Veritas Data Insight Self-Service
Portal.
Select a policy group (if If you have defined a policy group, select it from the Policy Group list.
necessary).
See “Creating and modifying policy groups” on page 378.
If you have not defined a policy group, the system deploys the policy to the Default
Policy Group.
Edit the policy rules or exceptions The Configure Policy screen displays the rules and exceptions (if any) provided
(if necessary). by the policy.
You can modify, add, and remove policy rules and exceptions to meet your
requirements.
Save the policy and export it Click Save to save the policy.
(optional).
You can export policy detection as a template for sharing or archiving.
See “Exporting policy detection as a template” on page 384.
Test and tune the policy Test and tune the policy using data the policy should and should not detect.
(recommended).
Review the incidents that the policy generates. Refine the policy rules and
exceptions as necessary to reduce false positives and false negatives.
Add response rules (optional). Add response rules to the policy to report and remediate violations.
Export Administration Regulations (EAR) Enforces the U.S. Department of Commerce Export Administration
Regulations (EAR).
FACTA 2003 (Red Flag Rules) Enforces sections 114 and 315 (or Red Flag Rules) of the Fair
and Accurate Credit Transactions Act (FACTA) of 2003.
See “FACTA 2003 (Red Flag Rules) policy template” on page 1016.
HIPAA and HITECH (including PHI) This policy enforces the US Health Insurance Portability and
Accountability Act (HIPAA).
See “HIPAA and HITECH (including PHI) policy template”
on page 1024.
International Traffic in Arms Regulations (ITAR) This policy enforces the US Department of State ITAR provisions.
NASD Rule 2711 and NYSE Rules 351 and 472 This policy protects the name(s) of any companies that are involved
in an upcoming stock offering.
See “NASD Rule 2711 and NYSE Rules 351 and 472 policy
template” on page 1033.
Creating policies from templates 345
US Regulatory Enforcement policy templates
NASD Rule 3010 and NYSE Rule 342 This policy monitors brokers-dealers communications.
See “NASD Rule 3010 and NYSE Rule 342 policy template”
on page 1035.
NERC Security Guidelines for Electric Utilities This policy detects the information that is outlined in the North
American Electric Reliability Council (NERC) security guidelines
for the electricity sector.
Office of Foreign Assets Control (OFAC) This template detects communications involving targeted OFAC
groups.
OMB Memo 06-16 and FIPS 199 Regulations This template detects information that is classified as confidential.
See “OMB Memo 06-16 and FIPS 199 Regulations policy template”
on page 1041.
Payment Card Industry Data Security Standard This template detects Visa and MasterCard credit card number
data.
SEC Fair Disclosure Regulation This template detects data disclosure of material financial
information.
See “SEC Fair Disclosure Regulation policy template” on page 1053.
US Intelligence Control Markings (CAPCO) and This template detects authorized terms to identify classified
DCID 1/7 information in the US Federal Intelligence community.
See “US Intelligence Control Markings (CAPCO) and DCID 1/7
policy template” on page 1064.
Creating policies from templates 346
UK and International Regulatory Enforcement policy templates
UK Data Protection Act 1998 This policy protects personal identifiable information.
See “Data Protection Act 1998 (UK) policy template” on page 1007.
EU Data Protection Directives This policy detects personal data specific to the EU directives.
Human Rights Act 1998 This policy enforces Article 8 of the act for UK citizens.
Canadian Social Insurance Numbers This policy detects patterns indicating Canadian social insurance
numbers.
See “Canadian Social Insurance Numbers policy template” on page 1001.
Creating policies from templates 347
Customer and Employee Data Protection policy templates
Credit Card Numbers This policy detects patterns indicating credit card numbers.
Individual Taxpayer Identification Numbers This policy detects IRS-issued tax processing numbers.
(ITIN)
See “Individual Taxpayer Identification Numbers (ITIN) policy template”
on page 1029.
SWIFT Codes This policy detects codes banks use to transfer money across
international borders.
UK National Health Service Number This policy detects personal identification numbers issued by the NHS.
See “UK National Health Service (NHS) Number policy template”
on page 1062.
US Social Security Numbers This policy detects patterns indicating social security numbers.
See “US Social Security Numbers policy template” on page 1065.
Creating policies from templates 348
Confidential or Classified Data Protection policy templates
Encrypted Data This policy detects the use of encryption by a variety of methods.
Merger and Acquisition Agreements This policy detects information and communications about upcoming merger
and acquisition activity.
See “Merger and Acquisition Agreements policy template” on page 1032.
Proprietary Media Files This policy detects various types of video and audio files.
See “Proprietary Media Files policy template” on page 1047.
Symantec DLP Awareness and Avoidance This policy detects any communications that refer to Symantec DLP or
other data loss prevention systems and possible avoidance of detection.
Common Spyware Upload Sites This policy detects access to common spyware upload Web sites.
See “Common Spyware Upload Sites policy template” on page 1003.
Network Security This policy detects evidence of hacking tools and attack planning.
See “Network Security policy template” on page 1038.
Illegal Drugs This policy detects conversations about illegal drugs and controlled
substances.
See “Illegal Drugs policy template” on page 1029.
Media Files This policy detects various types of video and audio files.
Restricted Files This policy detects various file types that are generally inappropriate to send
out of the company.
See “Restricted Files policy template” on page 1049.
Violence and Weapons This policy detects violent language and discussions about weapons.
See “Violence and Weapons policy template” on page 1065.
Yahoo Message Board Activity This policy detects Yahoo message board activity.
See “Yahoo Message Board Activity policy template” on page 1067.
Creating policies from templates 351
Choosing an Exact Data Profile
Yahoo and MSN Messengers on Port This policy detects Yahoo IM and MSN Messenger activity.
80
See “Yahoo and MSN Messengers on Port 80 policy template” on page 1068.
Note: When the system prompts you to select an Exact Data Profile, the display
lists the data columns to include in the profile to provide the highest level of accuracy.
If data fields in your Exact Data Profile are not represented in the selected policy
template, the system displays those fields for content matching when you define
the detection rule
Table 16-8 Policy templates that implement Exact Data Matching (EDM)
Customer Data Protection See “Customer Data Protection policy template” on page 1006.
Data Protection Act 1988 See “Data Protection Act 1998 (UK) policy template” on page 1007.
Creating policies from templates 352
Choosing an Indexed Document Profile
Table 16-8 Policy templates that implement Exact Data Matching (EDM)
(continued)
Employee Data Protection See “Employee Data Protection policy template” on page 1013.
EU Data Protection Directives See “Data Protection Directives (EU) policy template” on page 1009.
Export Administration Regulations (EAR) See “Export Administration Regulations (EAR) policy template”
on page 1015.
FACTA 2003 (Red Flag Rules) See “FACTA 2003 (Red Flag Rules) policy template” on page 1016.
HIPAA and HITECK (including PHI) See “HIPAA and HITECH (including PHI) policy template” on page 1024.
Human Rights Act 1998 See “Human Rights Act 1998 policy template” on page 1028.
International Traffic in Arms Regulations See “International Traffic in Arms Regulations (ITAR) policy template”
(ITAR) on page 1030.
Payment Card Industry Data Security See “Payment Card Industry (PCI) Data Security Standard policy
Standard template” on page 1043.
State Data Privacy See “SEC Fair Disclosure Regulation policy template” on page 1053.