DLP policy for state privacy regulations (Washington SB-6043 in my case)
I am trying to enable the DLP rule for Washington state privacy regulations. I tried using the preconfigured template, but I get a lot of false-positives. Does anyone have experience setting these up or customizing the template? This is new for me. Washington's requirements are:
Washington SB 6043 requires that any person or business that owns or licenses computerized data that includes PI must disclose security system breach to those whose unencrypted PI is reasonably believed to be acquired by an unauthorized person. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and Washington driver license numbers. The rules for this policy are:
- SSN with WA driver license
- SSN with CCN
- Name with SSN
- Name with Washington driver license
- Name with CCN
- SSN with DNA profile
You can check for the matched content option in the quarantined emails and see what exactly matched in the policy which is causing the false positives. We can determine what is matching by ensuring that we have the Matched Content Logging enabled under Security Services > RSA Email DLP. Once we have this enabled we can ensure that the quarantine action is set under Mail Policies > DLP Message Actions. This will then allow the messages to be quarantined and we should then see the matched content in the quarantine.
For False Negatives:
Determine which DLP Policy the customer has enabled, and which content the customer thinks should have triggered the policy.
For False Positives:
Find out which DLP Policy was triggered, and get a copy of the email or document that triggered it.
Also, please find below some information on the US State Regulatory Compliance DLP policy named "Washington SB-6043" which might be helpful:
- Washington SB-6043
Identifies documents and transmissions that contain personally identifiable information (PII) regulated by Washington SB-6043. Persons and businesses that conduct business in Washington and own or license unencrypted computerized PII about Washington residents are expected to protect the PII from security breach, and to notify individuals and information owners if their lost PII has been or is likely to be misused. Any person or business that conducts business in Washington and owns or licenses unencrypted computerized PII data for Washington residents, regardless of the entity’s physical location, is required to comply. This policy detects US Social Security numbers, credit card numbers and US drivers license numbers. US drivers licenses are configurable under DLP Policy Manager > Advanced Settings.
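An added example, not part of the original thread and not the appliance's own classifier logic: once Matched Content Logging shows which strings fired the "SSN with CCN" rule, a short script can tell whether those strings are structurally plausible or just look-alike numbers. The regexes, function names and sample strings are assumptions constructed for illustration, and only 16-digit card numbers are covered.

```python
import re

# Triage patterns written for this example (assumptions, not the DLP engine's classifiers).
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
CCN_RE = re.compile(r"\b\d{4}[ -]?\d{4}[ -]?\d{4}[ -]?\d{4}\b")  # 16-digit cards only

def ssn_plausible(area, group, serial):
    """Reject SSN-shaped strings whose fields are never issued."""
    return (area not in ("000", "666") and not area.startswith("9")
            and group != "00" and serial != "0000")

def luhn_ok(digits):
    """Luhn checksum that real payment card numbers satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def triage(matched_text):
    """Summarise one message's matched content as counts only, so the
    triage notes do not copy the PII out of the quarantine."""
    ssns = SSN_RE.findall(matched_text)
    ccns = [re.sub(r"[ -]", "", m) for m in CCN_RE.findall(matched_text)]
    good_ssn = [s for s in ssns if ssn_plausible(*s)]
    good_ccn = [c for c in ccns if luhn_ok(c)]
    return {
        "ssn_candidates": len(ssns), "ssn_plausible": len(good_ssn),
        "ccn_candidates": len(ccns), "ccn_luhn_valid": len(good_ccn),
        "ssn_with_ccn_supported": bool(good_ssn and good_ccn),
    }

# Constructed sample strings standing in for matched content from the quarantine.
SAMPLES = [
    "Payroll: SSN 512-34-5678, card 4111 1111 1111 1111",   # both plausible
    "Order 000-12-3456 tracking 1234 5678 9012 3456",       # both look-alikes
    "Ref 512-34-5678 invoice 1234-5678-9012-3456",          # card fails Luhn
]

if __name__ == "__main__":
    for text in SAMPLES:
        print(triage(text))
```

Messages where `ssn_with_ccn_supported` is false are the ones to collect as evidence when tuning the policy.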