Cisco Cisco Email Security Appliance C650 Guía Del Usuario
17-13
Cisco AsyncOS 9.1 for Email User Guide
Chapter 17 Data Loss Prevention
DLP Policies for RSA Email DLP
•
routing 119999992 account 1234567
(Match)
US Drivers License
Many policies use a US Drivers License classifier. By default, this classifier searches for drivers licenses
for all 50 US states and the District of Columbia. Even US state-specific policies such as California
AB-1298 and Montana HB-732 search for all 51 types of US drivers licenses. Thus, a predefined DLP
policy template for a specific state, such as California SB 1386, uses the detection rules for all states and
will return a DLP violation for data with a non-California driver license because it is still considered a
privacy violation.
for all 50 US states and the District of Columbia. Even US state-specific policies such as California
AB-1298 and Montana HB-732 search for all 51 types of US drivers licenses. Thus, a predefined DLP
policy template for a specific state, such as California SB 1386, uses the detection rules for all states and
will return a DLP violation for data with a non-California driver license because it is still considered a
privacy violation.
If you are concerned about false positives or appliance performance, you can limit searching to specific
US states or no states by going to Mail Policies > DLP Policy Manager and clicking the US Drivers
Licenses link in the Advanced Settings section.
US states or no states by going to Mail Policies > DLP Policy Manager and clicking the US Drivers
Licenses link in the Advanced Settings section.
The individual state classifiers match against the patterns for that state, and require the corresponding
state name or abbreviation, and additional supporting data.
state name or abbreviation, and additional supporting data.
Examples:
•
CA DL: C3452362
(Match because it has the correct pattern for the number and supporting data)
•
California DL: C3452362
(Match)
•
DL: C3452362
(No match because there is not enough supporting data)
•
California C3452362
(No match because there is not enough supporting data)
•
OR DL: C3452362
(No match because it is the incorrect pattern for Oregon)
•
OR DL: 3452362
(Match because it is the correct pattern for Oregon)
•
WV DL: D654321
(Match because it is the correct pattern for West Virginia)
•
WV DL: G6543
(No match because it is the incorrect pattern for West Virginia)
US National Provider Identifier
The US National Provider Identifier classifier scans for a US National Provider Identifier (NPI)
numbers, which is a 10-digit number with a check digit.
numbers, which is a 10-digit number with a check digit.
Examples:
•
NPI: 3459872347
(Match for NPI)
•
3459872347
(No match because of no supporting information)
•
NPI: 3459872342
(No match because of incorrect check digit)
Student Records
The predefined FERPA (Family Educational Rights and Privacy Act) DLP policy template uses the
Student Records classifier. Combine it with a customized Student Identification Number classifier to
detect specific student ID patterns for better accuracy.
Student Records classifier. Combine it with a customized Student Identification Number classifier to
detect specific student ID patterns for better accuracy.
Example:
•
Joe Smith, Class Rank: 234, Major: Chemistry Transcript
(Match)
Corporate Financials
The predefined Sarbanes-Oxley (SOX) policy template uses the Corporate Financials classifier to search
for non-public corporate financial information.
for non-public corporate financial information.