Sunteți pe pagina 1din 12

Chapter 16

Creating policies from


templates
This chapter includes the following topics:

■ Creating a policy from a template

■ US Regulatory Enforcement policy templates

■ UK and International Regulatory Enforcement policy templates

■ Customer and Employee Data Protection policy templates

■ Confidential or Classified Data Protection policy templates

■ Network Security Enforcement policy templates

■ Acceptable Use Enforcement policy templates

■ Choosing an Exact Data Profile

■ Choosing an Indexed Document Profile

Creating a policy from a template


You can create a policy from a system-provided template or from a template you
import to the Enforce Server.
See “Policy templates” on page 314.
See “Policy template import and export” on page 320.
Creating policies from templates 342
Creating a policy from a template

Table 16-1 Create a policy from a template

Action Description

Add a policy from a template. See “Adding a new policy or policy template” on page 354.

Choose the template you want to At the Manage > Policies > Policy List > New Policy - Template List screen the
use. system lists all policy templates.
System-provided template categories:
■ See “US Regulatory Enforcement policy templates” on page 344.
■ See “UK and International Regulatory Enforcement policy templates” on page 346.
■ See “Customer and Employee Data Protection policy templates” on page 346.
■ See “Confidential or Classified Data Protection policy templates” on page 348.
■ See “Network Security Enforcement policy templates” on page 349.
■ See “Acceptable Use Enforcement policy templates” on page 349.
Imported Templates appear individually after import:

■ See “Importing policy templates” on page 383.

Note: See the Enterprise Vault Data Classification Services Implementation Guide
for information about Classification policy templates.

Click Next to configure the policy. For example, select the Webmail policy template and click Next.

See “Configuring policies” on page 355.

Choose a Data Profile (if If the template relies on one or more Data Profiles, the system prompts you to
prompted). select each:
■ Exact Data Profile
See “Choosing an Exact Data Profile” on page 351.
■ Indexed Document Profile
See “Choosing an Indexed Document Profile” on page 352.
If you do not have a Data Profile, you can either:

■ Cancel the policy definition process, define the profile, and resume creating the
policy from the template.
■ Click Next to configure the policy.
On creation of the policy, the system drops any rules or exceptions that rely on
the Data Profile.

Note: You should use a profile if a template calls for it.


Creating policies from templates 343
Creating a policy from a template

Table 16-1 Create a policy from a template (continued)

Action Description

Edit the policy name or If you intend to modify a system-defined template, you may want to change the
description (optional). name so you can distinguish it from the original.

See “Configuring policies” on page 355.


Note: If you want to export the policy as a template, the policy name must be less
than 60 characters. If it is more, the template does not appear in the Imported
Templates section of the Template List screen.

Note: The Policy Label field is reserved for the Veritas Data Insight Self-Service
Portal.

Select a policy group (if If you have defined a policy group, select it from the Policy Group list.
necessary).
See “Creating and modifying policy groups” on page 378.

If you have not defined a policy group, the system deploys the policy to the Default
Policy Group.

Edit the policy rules or exceptions The Configure Policy screen displays the rules and exceptions (if any) provided
(if necessary). by the policy.
You can modify, add, and remove policy rules and exceptions to meet your
requirements.

See “Configuring policy rules” on page 359.


See “Configuring policy exceptions” on page 369.

Save the policy and export it Click Save to save the policy.
(optional).
You can export policy detection as a template for sharing or archiving.
See “Exporting policy detection as a template” on page 384.

For example, if you changed the configuration of a system-defined policy template,


you may want to export it for sharing across environments.

Test and tune the policy Test and tune the policy using data the policy should and should not detect.
(recommended).
Review the incidents that the policy generates. Refine the policy rules and
exceptions as necessary to reduce false positives and false negatives.

Add response rules (optional). Add response rules to the policy to report and remediate violations.

See “Implementing response rules” on page 1089.


Note: Response rules are not included in policy templates.
Creating policies from templates 344
US Regulatory Enforcement policy templates

US Regulatory Enforcement policy templates


Symantec Data Loss Prevention provides several policy templates supporting US
Regulatory Enforcement guidelines.
See “Creating a policy from a template” on page 341.

Table 16-2 US Regulatory Enforcement policy templates

Policy template Description

CAN-SPAM Act Establishes requirements for sending commercial email.


See “CAN-SPAM Act policy template” on page 1002.

Defense Message System (DMS) GENSER Detects information classified as confidential.


Classification
See “Defense Message System (DMS) GENSER Classification
policy template” on page 1011.

Export Administration Regulations (EAR) Enforces the U.S. Department of Commerce Export Administration
Regulations (EAR).

See “Export Administration Regulations (EAR) policy template”


on page 1015.

FACTA 2003 (Red Flag Rules) Enforces sections 114 and 315 (or Red Flag Rules) of the Fair
and Accurate Credit Transactions Act (FACTA) of 2003.

See “FACTA 2003 (Red Flag Rules) policy template” on page 1016.

Gramm-Leach-Bliley This policy limits sharing of consumer information by financial


institutions.
See “Gramm-Leach-Bliley policy template” on page 1022.

HIPAA and HITECH (including PHI) This policy enforces the US Health Insurance Portability and
Accountability Act (HIPAA).
See “HIPAA and HITECH (including PHI) policy template”
on page 1024.

International Traffic in Arms Regulations (ITAR) This policy enforces the US Department of State ITAR provisions.

See “International Traffic in Arms Regulations (ITAR) policy


template” on page 1030.

NASD Rule 2711 and NYSE Rules 351 and 472 This policy protects the name(s) of any companies that are involved
in an upcoming stock offering.

See “NASD Rule 2711 and NYSE Rules 351 and 472 policy
template” on page 1033.
Creating policies from templates 345
US Regulatory Enforcement policy templates

Table 16-2 US Regulatory Enforcement policy templates (continued)

Policy template Description

NASD Rule 3010 and NYSE Rule 342 This policy monitors brokers-dealers communications.
See “NASD Rule 3010 and NYSE Rule 342 policy template”
on page 1035.

NERC Security Guidelines for Electric Utilities This policy detects the information that is outlined in the North
American Electric Reliability Council (NERC) security guidelines
for the electricity sector.

See “NERC Security Guidelines for Electric Utilities policy template”


on page 1036.

Office of Foreign Assets Control (OFAC) This template detects communications involving targeted OFAC
groups.

See “Office of Foreign Assets Control (OFAC) policy template”


on page 1039.

OMB Memo 06-16 and FIPS 199 Regulations This template detects information that is classified as confidential.
See “OMB Memo 06-16 and FIPS 199 Regulations policy template”
on page 1041.

Payment Card Industry Data Security Standard This template detects Visa and MasterCard credit card number
data.

See “Payment Card Industry (PCI) Data Security Standard policy


template” on page 1043.

Sarbanes-Oxley This template detects sensitive financial data.

See “Sarbanes-Oxley policy template” on page 1051.

SEC Fair Disclosure Regulation This template detects data disclosure of material financial
information.
See “SEC Fair Disclosure Regulation policy template” on page 1053.

State Data Privacy This template detects breaches of state-mandated confidentiality.


See “State Data Privacy policy template” on page 1057.

US Intelligence Control Markings (CAPCO) and This template detects authorized terms to identify classified
DCID 1/7 information in the US Federal Intelligence community.
See “US Intelligence Control Markings (CAPCO) and DCID 1/7
policy template” on page 1064.
Creating policies from templates 346
UK and International Regulatory Enforcement policy templates

UK and International Regulatory Enforcement policy


templates
Symantec Data Loss Prevention provides several policy templates for UK and
International Regulatory Enforcement.
See “Creating a policy from a template” on page 341.

Table 16-3 UK and International Regulatory Enforcement policy templates

Policy template Description

Caldicott Report This policy protects UK patient information.

See “Caldicott Report policy template” on page 999.

UK Data Protection Act 1998 This policy protects personal identifiable information.

See “Data Protection Act 1998 (UK) policy template” on page 1007.

EU Data Protection Directives This policy detects personal data specific to the EU directives.

See “Data Protection Directives (EU) policy template” on page 1009.

Human Rights Act 1998 This policy enforces Article 8 of the act for UK citizens.

See “Human Rights Act 1998 policy template” on page 1028.

PIPEDA This policy detects Canadian citizen customer data.

See “PIPEDA policy template” on page 1044.

Customer and Employee Data Protection policy


templates
Symantec Data Loss Prevention provides several policy templates for Customer
and Employee Data Protection.
See “Creating a policy from a template” on page 341.

Table 16-4 Customer and Employee Data Protection policy templates

Policy template Description

Canadian Social Insurance Numbers This policy detects patterns indicating Canadian social insurance
numbers.
See “Canadian Social Insurance Numbers policy template” on page 1001.
Creating policies from templates 347
Customer and Employee Data Protection policy templates

Table 16-4 Customer and Employee Data Protection policy templates


(continued)

Policy template Description

Credit Card Numbers This policy detects patterns indicating credit card numbers.

See “Credit Card Numbers policy template” on page 1005.

Customer Data Protection This policy detects customer data.

See “Customer Data Protection policy template” on page 1006.

Employee Data Protection This policy detects employee data.


See “Employee Data Protection policy template” on page 1013.

Individual Taxpayer Identification Numbers This policy detects IRS-issued tax processing numbers.
(ITIN)
See “Individual Taxpayer Identification Numbers (ITIN) policy template”
on page 1029.

SWIFT Codes This policy detects codes banks use to transfer money across
international borders.

See “SWIFT Codes policy template” on page 1060.

UK Drivers License Numbers This policy detects UK Drivers License Numbers.


See “UK Drivers License Numbers policy template” on page 1061.

UK Electoral Roll Numbers This policy detects UK Electoral Roll Numbers.


See “UK Electoral Roll Numbers policy template” on page 1062.

UK National Insurance Numbers This policy detects UK National Insurance Numbers.


See “UK National Insurance Numbers policy template” on page 1062.

UK National Health Service Number This policy detects personal identification numbers issued by the NHS.
See “UK National Health Service (NHS) Number policy template”
on page 1062.

UK Passport Numbers This policy detects valid UK passports.


See “UK Passport Numbers policy template” on page 1063.

UK Tax ID Numbers This policy detects UK Tax ID Numbers.


See “UK Tax ID Numbers policy template” on page 1063.

US Social Security Numbers This policy detects patterns indicating social security numbers.
See “US Social Security Numbers policy template” on page 1065.
Creating policies from templates 348
Confidential or Classified Data Protection policy templates

Confidential or Classified Data Protection policy


templates
Symantec Data Loss Prevention provides several policy templates for Confidential
or Classified Data Protection.
See “Creating a policy from a template” on page 341.

Table 16-5 Confidential or Classified Data Protection policy templates

Policy template Description

Confidential Documents This policy detects company-confidential documents.

See “Confidential Documents policy template” on page 1004.

Design Documents This policy detects various types of design documents.

See “Design Documents policy template” on page 1012.

Encrypted Data This policy detects the use of encryption by a variety of methods.

See “Encrypted Data policy template” on page 1015.

Financial Information This policy detects financial data and information.

See “Financial Information policy template” on page 1020.

Merger and Acquisition Agreements This policy detects information and communications about upcoming merger
and acquisition activity.
See “Merger and Acquisition Agreements policy template” on page 1032.

Price Infomation This policy detects specific SKU or pricing information.

See “Price Information policy template” on page 1046.

Project Data This policy detects discussions of sensitive projects.

See “Project Data policy template” on page 1047.

Proprietary Media Files This policy detects various types of video and audio files.
See “Proprietary Media Files policy template” on page 1047.

Publishing Documents This policy detects various types of publishing documents.

See “Publishing Documents policy template” on page 1048.

Resumes This policy detects active job searches.

See “Resumes policy template” on page 1050.


Creating policies from templates 349
Network Security Enforcement policy templates

Table 16-5 Confidential or Classified Data Protection policy templates


(continued)

Policy template Description

Source Code This policy detects various types of source code.

See “Source Code policy template” on page 1056.

Symantec DLP Awareness and Avoidance This policy detects any communications that refer to Symantec DLP or
other data loss prevention systems and possible avoidance of detection.

See “Symantec DLP Awareness and Avoidance policy template”


on page 1061.

Network Security Enforcement policy templates


Symantec Data Loss Prevention provides several policy templates for Network
Security Enforcement.
See “Creating a policy from a template” on page 341.

Table 16-6 Network Security Enforcement policy templates

Policy template Description

Common Spyware Upload Sites This policy detects access to common spyware upload Web sites.
See “Common Spyware Upload Sites policy template” on page 1003.

Network Diagrams This policy detects computer network diagrams.


See “Network Diagrams policy template” on page 1037.

Network Security This policy detects evidence of hacking tools and attack planning.
See “Network Security policy template” on page 1038.

Password Files This policy detects password file formats.


See “Password Files policy template” on page 1042.

Acceptable Use Enforcement policy templates


Symantec Data Loss Prevention provides several policy templates for allowing
acceptable uses of information.
See “Creating a policy from a template” on page 341.
Creating policies from templates 350
Acceptable Use Enforcement policy templates

Table 16-7 Acceptable Use Enforcement policy templates

Policy template Description

Competitor Communications This policy detects forbidden communications with competitors.


See “Competitor Communications policy template” on page 1004.

Forbidden Websites This policy detects access to specified Web sites.

See “Forbidden Websites policy template” on page 1021.

Gambling This policy detects any reference to gambling.


See “Gambling policy template” on page 1022.

Illegal Drugs This policy detects conversations about illegal drugs and controlled
substances.
See “Illegal Drugs policy template” on page 1029.

Media Files This policy detects various types of video and audio files.

See “Media Files policy template” on page 1031.

Offensive Language This policy detects the use of offensive language.

See “Offensive Language policy template” on page 1038.

Racist Language This policy detects the use of racist language.

See “Racist Language policy template” on page 1049.

Restricted Files This policy detects various file types that are generally inappropriate to send
out of the company.
See “Restricted Files policy template” on page 1049.

Restricted Recipients This policy detects communications with specified recipients.


See “Restricted Recipients policy template” on page 1049.

Sexually Explicit Language This policy detects sexually explicit content.


See “Sexually Explicit Language policy template” on page 1055.

Violence and Weapons This policy detects violent language and discussions about weapons.
See “Violence and Weapons policy template” on page 1065.

Webmail This policy detects the use of a variety of Webmail services.


See “Webmail policy template” on page 1066.

Yahoo Message Board Activity This policy detects Yahoo message board activity.
See “Yahoo Message Board Activity policy template” on page 1067.
Creating policies from templates 351
Choosing an Exact Data Profile

Table 16-7 Acceptable Use Enforcement policy templates (continued)

Policy template Description

Yahoo and MSN Messengers on Port This policy detects Yahoo IM and MSN Messenger activity.
80
See “Yahoo and MSN Messengers on Port 80 policy template” on page 1068.

Choosing an Exact Data Profile


If the policy template you select implements Exact Data Matching (EDM), the system
prompts you to choose an Exact Data Profile. Table 16-8 lists the policy templates
that are based on Exact Data Profiles.
If you do not have an Exact Data Profile, you can cancel policy creation and define
a profile. Or, you can choose not to use an Exact Data Profile. In this case the
system disables the associated EDM detection rules in the policy template. You
can use any DCM rules or exceptions the policy template provides.
See “Introducing Exact Data Matching (EDM)” on page 401.
See “About the Exact Data Profile and index” on page 405.
To choose an Exact Data Profile
1 Select an Exact Data Profile from the list of available profiles.
2 Click Next to continue with creating the policy from the template.
Click Previous to return to the list of policy templates.
See “Creating a policy from a template” on page 341.

Note: When the system prompts you to select an Exact Data Profile, the display
lists the data columns to include in the profile to provide the highest level of accuracy.
If data fields in your Exact Data Profile are not represented in the selected policy
template, the system displays those fields for content matching when you define
the detection rule

Table 16-8 Policy templates that implement Exact Data Matching (EDM)

Policy template Description

Caldicott Report See “Caldicott Report policy template” on page 999.

Customer Data Protection See “Customer Data Protection policy template” on page 1006.

Data Protection Act 1988 See “Data Protection Act 1998 (UK) policy template” on page 1007.
Creating policies from templates 352
Choosing an Indexed Document Profile

Table 16-8 Policy templates that implement Exact Data Matching (EDM)
(continued)

Policy template Description

Employee Data Protection See “Employee Data Protection policy template” on page 1013.

EU Data Protection Directives See “Data Protection Directives (EU) policy template” on page 1009.

Export Administration Regulations (EAR) See “Export Administration Regulations (EAR) policy template”
on page 1015.

FACTA 2003 (Red Flag Rules) See “FACTA 2003 (Red Flag Rules) policy template” on page 1016.

Gramm-Leach-Bliley See “Gramm-Leach-Bliley policy template” on page 1022.

HIPAA and HITECK (including PHI) See “HIPAA and HITECH (including PHI) policy template” on page 1024.

Human Rights Act 1998 See “Human Rights Act 1998 policy template” on page 1028.

International Traffic in Arms Regulations See “International Traffic in Arms Regulations (ITAR) policy template”
(ITAR) on page 1030.

Payment Card Industry Data Security See “Payment Card Industry (PCI) Data Security Standard policy
Standard template” on page 1043.

PIPEDA See “PIPEDA policy template” on page 1044.

Price Information See “Price Information policy template” on page 1046.

Resumes See “Resumes policy template” on page 1050.

State Data Privacy See “SEC Fair Disclosure Regulation policy template” on page 1053.

Choosing an Indexed Document Profile


If the policy template you chose uses Indexed Document Matching (IDM) detection,
the system prompts you to select the Document Profile.
See “Introducing Indexed Document Matching (IDM)” on page 494.
To use a Document Profile
1 Select the Document Profile from the list of available profiles.
2 Click Next to create the policy from the template.
See “Creating a policy from a template” on page 341.
If you do not have a Document Profile, you can cancel policy creation and define
the Document Profile. Or, you can choose to not use a Document Profile. In this