Forcepoint DLP Predefined Policies and Classifiers
Total Page:16
File Type:pdf, Size:1020Kb
Forcepoint DLP Predefined Policies and Classifiers Predefined Policies and Classifiers | Forcepoint DLP | v8.5.x For your convenience, Forcepoint DLP includes hundreds of predefined policies and content classifiers. ● Predefined policies help administrators quickly and easily define what type of content is considered a security breach at their organization. While choosing a policy or policy category, some items are set “off” by default. They can be activated individually in the Forcepoint Security Manager. ■ Data Loss Prevention policies, page 2 ■ Discovery policies, page 108 ● Predefined classifiers can be used to detect events and threats involving secured data. This article provides a list of all the predefined content classifiers that Forcepoint DLP provides for detecting events and threats involving secured data. This includes: ■ File-type classifiers ■ Script classifiers ■ Dictionaries ■ Pattern classifiers The predefined policies and classifiers are constantly being updated and improved. See Updating Predefined Policies and Classifiers for instructions on keeping policies and classifiers current. © 2017 Forcepoint LLC Data Loss Prevention policies Predefined Policies and Classifiers | Forcepoint DLP | v8.5.x Use the predefined data loss prevention policies to detect sensitive content, compliance violations, and data theft. For acceptable use policies, see: ● Acceptable Use, page 3 The content protection policies fall into several categories: ● Company Confidential and Intellectual Property (IP), page 4 ● Credit Cards, page 9 ● Financial Data, page 11 ● Protected Health Information (PHI), page 17 ● Personally Identifiable Information (PII), page 20 The regulation, compliance, and standards policies are categorized as follows: ● EU General Data Protection Regulation (GDPR), page 35 ● Financial Regulations, page 37 ● Payment Card Industry (PCI), page 40 ● National Privacy Regulations, page 41 ● US and Canada Federal Regulations, page 89 Data theft risk indicator policies are categorized as follows: ● Employee Discontent, page 104 ● Indicators of Compromise, page 102 ● Suspicious User Activity, page 100 The Web DLP, Email DLP, and Mobile DLP “quick policies” include the PCI policy, PHI policies, and PII policies listed in this document (including financial policies). The quick policies include additional policies as well. See the following for more information: ● Web DLP policy, page 106 ● Email DLP policy, page 107 ● Mobile DLP policy, page 108 Forcepoint DLP Predefined Policies and Classifiers 2 Acceptable Use Predefined Policies and Classifiers | Forcepoint DLP | v8.5.x The following predefined policies are available for the detection of possible acceptable use transgressions: ● Acceptable Use - Indecent Images Policy for detection of indecent images using image analysis. The rule for this policy is: ■ Non Acceptable Use - Indecent Images as attachments ● Acceptable Use - Obscenities & Racism Policy for detection of offensive or inappropriate terms (non-editable). The rules for this policy are: ■ Non Acceptable Use - In file names - inappropriate ■ Non Acceptable Use - In file names - medium ■ Non Acceptable Use - In file names - offensive ■ Non Acceptable Use - inappropriate ■ Non Acceptable Use - medium ■ Non Acceptable Use - offensive ● Cyber Bullying and Self-Destructive Patterns Policy for the detection of expressions that are indicative of cyber bullying or self- destructive patterns. This policy functions on the web channel (HTTP/HTTPS) only. The rules for this policy are: ■ Cyber Bullying (Wide) ■ Cyber Bullying (Default) ■ Cyber Bullying (Narrow) ■ Suicidal thoughts (Wide) ■ Suicidal thoughts (Narrow) ● Israel Acceptable Use Policy for detection of Israel offensive or inappropriate terms. The rules for this policy include: ■ Israel Non Acceptable Use: All In One ■ Israel Non Acceptable Use: Hebrew ■ Israel Non Acceptable Use: Russian ■ Israel Non Acceptable Use: Arabic ■ Israel Non Acceptable Use: Iraqi Forcepoint DLP Predefined Policies and Classifiers 3 Content Protection Predefined Policies and Classifiers | Forcepoint DLP | v8.5.x Forcepoint DLP includes the following types of content protection policies: ● Company Confidential and Intellectual Property (IP), page 4 ● Credit Cards, page 9 ● Financial Data, page 11 ● Protected Health Information (PHI), page 17 ● Personally Identifiable Information (PII), page 20 Company Confidential and Intellectual Property (IP) Predefined Policies and Classifiers | Forcepoint DLP | v8.5.x The following predefined policies are available for the detection of company confidential or intellectual property data: ● Bids and Tenders Policy for detecting bids, proposals, and tenders, such as responses to request for proposal (RFP) and invitation for bids (IFB) documents. ■ Bids and Tenders (Wide) ■ Bids and Tenders (Default) ■ Bids and Tenders (Narrow) ● Business and Technical Drawing Files Policy for detection of business and technical drawing file types. The rules for this policy are: ■ Business and Technical Drawing Files: ASM File ■ Business and Technical Drawing Files: Catia File ■ Business and Technical Drawing Files: Corel Draw File ■ Business and Technical Drawing Files: DRW File ■ Business and Technical Drawing Files: DWG File ■ Business and Technical Drawing Files: DXF Binary File ■ Business and Technical Drawing Files: DXF Textual File ■ Business and Technical Drawing Files: FRM File ■ Business and Technical Drawing Files: IGS Textual File ■ Business and Technical Drawing Files: JT File ■ Business and Technical Drawing Files: Microsoft Visio File ■ Business and Technical Drawing Files: PRT File ■ Business and Technical Drawing Files: SolidWorks File ■ Business and Technical Drawing Files: STL Binary File ■ Business and Technical Drawing Files: STL Textual File Forcepoint DLP Predefined Policies and Classifiers 4 ■ Business and Technical Drawing Files: STP Textual File ■ Business and Technical Drawing Files: WHIP File ○ Business and Technical Drawing Files: X_T Textual File ● Confidential Warning Policy for detection of sensitive text in the header or footer of a document. The rules for this policy are: ■ Confidential in Header or Footer ■ Key Phrases in Header or Footer ■ Dictionary Phrases in Header or Footer ■ Proprietary in Header or Footer ● Confidential Warning (Arabic) The policy detect secret or confidential documents by identifying “confidential” in the Header or the ,“ سري“ terms in English or Arabic, such as “Confidential” or Footer of Office documents. The rule for this policy is: ■ Confidential Arabic in Header or Footer ● Energy Policies for detection of sensitive data in the Oil and Gas industry and, in particular, information pertaining to oil prospecting and drilling. ■ Petroleum and Gas-Sensitive Information Detect leakage of sensitive data in the Oil and Gas industry and, in particular, information pertaining to oil prospecting and drilling. The rules for this policy are: ○ Petroleum and Gas-Sensitive Information: CAD Files: ASM File ○ Petroleum and Gas-Sensitive Information: CAD Files: DRW File ○ Petroleum and Gas-Sensitive Information: CAD Files: DWG File ○ Petroleum and Gas-Sensitive Information: CAD Files: DXF Binary File ○ Petroleum and Gas-Sensitive Information: CAD Files: DXF Textual File ○ Petroleum and Gas-Sensitive Information: CAD Files: FRM File ○ Petroleum and Gas-Sensitive Information: CAD Files: IGS Textual File ○ Petroleum and Gas-Sensitive Information: CAD Files: JT File ○ Petroleum and Gas-Sensitive Information: CAD Files: PRT File ○ Petroleum and Gas-Sensitive Information: CAD Files: SolidWorks File ○ Petroleum and Gas-Sensitive Information: CAD Files: STL Binary File ○ Petroleum and Gas-Sensitive Information: CAD Files: STL Textual File ○ Petroleum and Gas-Sensitive Information: CAD Files: STP Textual File ○ Petroleum and Gas-Sensitive Information: CAD Files: WHIP File ○ Petroleum and Gas-Sensitive Information: CAD Files: X_T Textual File ○ Petroleum and Gas-Sensitive Information: Disclaimer ○ Petroleum and Gas-Sensitive Information: Form 567 ○ Petroleum and Gas-Sensitive Information: Form 715 ○ Petroleum and Gas-Sensitive Information: Latitude-Longitude Location Coordinates Forcepoint DLP Predefined Policies and Classifiers 5 ○ Petroleum and Gas-Sensitive Information: Logs and Survey Reports ○ Petroleum and Gas-Sensitive Information: Microsoft Visio ○ Petroleum and Gas-Sensitive Information: Petroleum File Extension ○ Petroleum and Gas-Sensitive Information: Pipeline Flow Diagram ○ Petroleum and Gas-Sensitive Information: Prospecting Related Term ■ Smart Power Grids / SCADA Policy for promoting protection of sensitive information pertaining smart power grids and supervisory control and data acquisition (SCADA) systems. The rules for this policy are: ○ Smart Power Grids: Confidential in Header or Footer ○ Smart Power Grids: Proprietary in Header or Footer ○ Smart Power Grids: C family or Java (default) ○ Smart Power Grids: C family or Java (wide) ○ Smart Power Grids: Software Design Documents with SCADA terms ○ Smart Power Grids: CAD Files: stl text format ○ Smart Power Grids: CAD Files: stl binary format ○ Smart Power Grids: CAD Files: stp text format ○ Smart Power Grids: CAD Files: igs text format ○ Smart Power Grids: CAD Files: x_t text format ○ Smart Power Grids: Executables or Link Library ○ Smart Power Grids: Microsoft Visio ○ Smart Power Grids: Python (Default) ○ Smart Power Grids: Python (Wide) ○ Smart Power Grids: XML with SCADA terms ○ Smart Power Grids: Spreadsheets with SCADA terms ● License Keys Policy to identify