Cisco Email Security Appliance X1050 User Guide
Cisco AsyncOS 9.5 for Email User Guide
Chapter 18 Data Loss Prevention
DLP Policies for RSA Email DLP
Step 5 Enter a name and description for the policy.
Step 6 Identify the content and context that constitute a DLP violation:
a. Select a content matching classifier.
b. Click Add.
• If you selected Create a Classifier, see
• Otherwise, the selected classifier is added to the table.
c. (Optional) Add additional classifiers to the policy.
For example, you might be able to eliminate known likely false positive matches by adding another
classifier and selecting NOT.
d. If you added multiple classifiers: Choose an option in the table heading to specify whether any or
all of the classifiers must match in order to count the instance as a violation.
Step 7 (Optional) Apply the DLP policy only to messages with specific recipients, senders, attachment types,
or previously-added message tags.
For more information, see
You can separate multiple entries using a line break or a comma.
Step 8 In the Severity Settings section:
• Choose an action to take for each level of violation severity.
For more information, see
• (Optional) Click Edit Scale to adjust the violation severity scale for the policy.
For more information, see
Step 9 Submit and commit your changes.
About Defining Disallowed Content Using Content Matching Classifiers
Content matching classifiers define the content that cannot be emailed and optionally the context in
which that content must occur in order to be considered a data loss prevention violation.
Suppose you want to prevent patient identification numbers from being emailed from your organization.
In order for the appliance to recognize these numbers, you must specify the patterns of the record
numbering system used by your organization, using one or more regular expressions. You can also add
a list of words and phrases that might accompany the record number as supporting information. If the
classifier detects the number pattern in an outgoing message, it searches for the supporting information
to verify that the pattern is an identification number and not a random number string. Including context
matching information results in fewer false positive matches.
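The following added example (not taken from the Cisco guide and not the appliance's matching engine) shows why supporting information reduces false positives, using the sample record format 123-CL456789 from this section. The regular expression, the phrase list, and the 60-character proximity window are assumptions made for illustration.

```python
import re

# Assumed regex for the sample record format 123-CL456789: three digits,
# a hyphen, two capital letters, six digits. The lookarounds stop the
# pattern from matching inside a longer alphanumeric token.
RECORD_ID = re.compile(r"(?<![0-9A-Za-z])[0-9]{3}-[A-Z]{2}[0-9]{6}(?![0-9A-Za-z])")

# Constructed supporting phrases (illustrative, not the appliance's list).
SUPPORTING = ("patient id", "patient number", "medical record")

# Assumed proximity, in characters, within which context must appear.
WINDOW = 60


def find_matches(text, require_context=True):
    """Return record numbers in text that count as classifier matches.

    With require_context=True, a pattern hit counts only when one of the
    supporting phrases occurs within WINDOW characters of it.
    """
    hits = []
    for m in RECORD_ID.finditer(text):
        if require_context:
            start = max(0, m.start() - WINDOW)
            nearby = text[start:m.end() + WINDOW].lower()
            if not any(phrase in nearby for phrase in SUPPORTING):
                continue  # pattern alone: treat as a random number string
        hits.append(m.group())
    return hits


# Constructed sample message bodies.
SAMPLES = {
    "clinical": "Please update the chart. Patient ID: 123-CL456789, seen Monday.",
    "shipping": "Your order shipped. Tracking reference 987-ZX654321 via courier.",
    "embedded": "Build artifact X123-CL4567890 uploaded.",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, find_matches(body, False), find_matches(body, True))
```

Pattern-only matching flags the shipping message as well as the clinical one; requiring context leaves only the clinical message.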
For this example, you might create a DLP policy that uses the HIPAA and HITECH template. This
template includes the Patient Identification Numbers content matching classifier, which you can
customize to detect a patient’s identification number. To detect numbers in the pattern of 123-CL456789,