Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1412
Views
0
Helpful
1
Replies

DLP policy for state privacy regulations (Washington SB-6043 in my case)

USD SmartAlerts
Level 1
Level 1

‎02-14-2019 10:57 AM

I am trying to enable the DLP rule for Washington state privacy regulations. I tried using the preconfigured template, but I get a lot of false-positives. Does anyone have experience setting these up or customizing the template? This is new for me. Washington's requirements are:

 

 Washington SB 6043 requires that any person or business that owns or licenses computerized data that includes PI must disclose security system breach to those whose unencrypted PI is reasonably believed to be acquired by an unauthorized person. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and Washington driver license numbers. The rules for this policy are:
    
-SSN with WA driver license
    
-SSN with CCN
    
-Name with SSN
    
-Name with Washington driver license
    
-Name with CCN
    
-SSN with DNA profile 

 

Thanks!

Labels:
0 Helpful
1 Reply 1

ppreenja
Cisco Employee
Cisco Employee

‎08-21-2019 11:31 AM

Hi,

You can check for the matched content option in the quarantined emails and see what exactly matched in the policy which is causing the false positives. We can determine what is matching by ensuring that we have the Matched Content Logging enabled under Security Services > RSA Email DLP. Once we have this enabled we can ensure that the quarantine action is set under Mail Policies > DLP Message Actions. This will then allow the messages to be quarantined and we should then see the matched content in the quarantine.
For False Negatives:

Determine which DLP Policy the customer has enabled, and which content the customer thinks should have triggered the policy.

For False Positives:

Find out which DLP Policy was triggered, and get a copy of the email or document that triggered it.

Also, please find below some information on the US State Regulatory Compliance DLP policy named "Washington SB-6043" which might be helpful:

- Washington SB-6043

Identifies documents and transmissions that contain personally identifiable information (PII) regulated by Washington SB-6043. Persons and businesses that conduct business in Washington and own or license unencrypted computerized PII about Washington residents are expected to protect the PII from security breach, and to notify individuals and information owners if their lost PII has been or is likely to be misused. Any person or business that conducts business in Washington and owns or licenses unencrypted computerized PII data for Washington residents, regardless of the entity’s physical location, is required to comply. This policy detects US Social Security numbers, credit card numbers and US drivers license numbers. US drivers licenses are configurable under DLP Policy Manager > Advanced Settings.

I hope the aforementioned information is helpful.

Cheers,
Pratham
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents