Re: DLP policy triggered by NMLS ID

clibby1 · ‎06-16-2025

Anyone with an NMLS ID is required to display them prominently in their email. Our employees have it embedded in their signature line similar to this:

<NAME> | <TITLE>
NMLS ID #########
P: (###) ###-#### F: (###) ###-####
email@address.net

This is causing the built-in GLBA DLP filter to catch all of these emails regardless of any actually PII existing in the message. They could send a blank email with only the signature and trigger the filter.

How would we create an exception to the built-in DLP filter in this scenario?

Udupi Krishna. · ‎06-16-2025

There are different ways to handle this. You of-course cannot edit the prebuilt DLP classifier itself, however when you refer it to a policy there are several options provided with which you can skip it without removing the filter completely.

With filter senders and recipients you have option to include specific users or exclude them.

Or you can create an outgoing content filter with action as message tag based on the required condition and then refer the message tag under this option to ensure emails dont get caught by this DLP classifier too.

Having said that, if you feel this classifier shouldnt have caught the emails in the first place i.e. false positive, contact Cisco TAC so that we can look at the email samples caught and report them to Dev for their review.

clibby1 · ‎06-24-2025

I consider these a false positive. If the devs could add logic to ignore “NMLS ID #####” that would solve the problem entirely. Thank you - Chris

Udupi Krishna. · ‎06-24-2025

Hey Chris,

This is a genuine ask. If you havent created a TAC already please do so and provide the information surrounding these false positives

TAC (if the problem is reproducible) can engage Devs to find ways to fix it

clibby1 · ‎06-27-2025

TAC case 699315241 was opened for this, but it only just got assigned.