Cisco Cisco Email Security Appliance C190 Guia Do Utilizador

A DLP policy is a set of conditions that AsyncOS and the RSA Email DLP 
scanning engine use to determine whether an outgoing message contains sensitive 
data and the actions that AsyncOS takes when a message contains such data. 

DLP policies include content matching classifiers developed by RSA, which the 
RSA Email DLP scanning engine uses to detect sensitive data in messages and 
attachments. The classifiers search for more than data patterns like credit card 
numbers and driver license IDs; they examine the context of the patterns , leading 
to fewer false positives. For more information, see 

If the DLP scanning engine detects a DLP violation in a message or an 
attachment, the DLP scanning engine determines the risk factor of the violation 
and returns the result to the matching DLP policy. The policy uses its own severity 
scale to evaluate the severity of the DLP violation based on the risk factor and 
applies the appropriate actions to the message. The scale includes five severity 
levels: Ignore, Low, Medium, High, and Critical. 

Actions that can be taken on all severity levels except Ignore include:

The overall action to take on the message being examined: deliver, drop, or 
quarantine.

Encrypt messages.

Alter the subject header of messages containing a DLP violation.

Add disclaimer text to messages.

Send messages to an alternate destination mailhost.

Send copies (bcc) of messages to other recipients. (For example, you could 
copy messages with critical DLP violations to a compliance officer’s mailbox 
for subsequent examination.)