Managing Sensitive Content Manager Profiles
A Sensitive Content Manager Profile is a named collection of content search and analysis guidelines. SCM includes a number of Standard (BuiltIn) Profiles for detecting Sensitive Content, which include:
·Personally Identifiable Information (PII)
·Protected Health Information (PHI)
·Payment Card Information (PCI)
·General Data Protection Regulation (GDPR) compliance.
NOTE: Quest continually adds new Standard (BuiltIn) Profiles, which cannot be modified or deleted.
Members of the ControlPoint Compliance Administrators group can also create and manage custom Profiles by defining content search and analysis guidelines to use, as an organization's file analysis criteria may differ from those used in BuilIn Profiles. For example, you may want to create a custom Profile to group and weight a different subset of the predefined Search Terms, add custom Search Terms for sensitive data types, or analyze data that falls outside BuiltIn Profile definitions.
IMPORTANT: If you have upgraded from Sensitive Content Manager 1.9, you may have to re-create (or try to restore) any existing custom Profiles, as the range of possible severity levels. Contact Quest Support for assistance.
Sensitive Content Manager Profile Components
Sensitive Content Manager Profiles consist of the components described in the following table.
|
Profile Component |
Description |
|---|---|
|
Search Term |
A word or any simple or complex alphanumeric pattern that represents sensitive information in a document. For example, in the PII Profile, these Search Terms are the personal identifiable information like a person's name, date of birth, financial account numbers, address, email address, etc. Each content search uses a set of Search Terms in a Profile. |
|
Regular Expression (Regex) |
The search syntax for a Search Term. The analysis engine matches the file contents with a Search Term based on the regex syntax specified in the Profile. You can define new Profiles that use the Standard Search Terms, or create Search Terms based on custom expressions. NOTE: Regular expressions for the predefined search terms are internally defined in the Search Term, and cannot be modified because they are not standalone regular expressions. |
|
Weight |
The degree of severity of a possible content match for a specific Profile. |
|
File Score |
That weight factor combined with the number of content matches encountered during an analysis job. File scores are calculated during a file analysis to determine the overall severity level of a document |
Creating, Editing, and Deleting Sensitive Content Manager Profiles
IMPORTANT: As of Metalogix Sensitive Content Manager version 2.0:
·The concept of Public vs. Private Profiles has been eliminated. All Profiles can be viewed by all members of the Compliance Administrators group.
·The range of possible Severity Thresholds has been reduced to between 1 and 10. If you have upgraded from an earlier version, Standard (BuiltIn) Profiles will reflect this change. Any Custom Profiles, as well as pending content submissions that use older Profiles, may need to be re-created.
To create a Sensitive Content Manager Custom Profile:
1.From the Manage panel, choose Compliance > Profile Maintenance.
2Click [Create].
3Enter a unique title for the Profile, as well as a description that will be visible to end users.
4If different than the defaults, using a range from 1-10, adjust the relative weights (that is, the degree of severity of a possible content match) for each threat level (Mild, Moderate, and Severe).
5From the Search Term List, select the Search Term(s) that you want to add to the Profile, then click [Add] to move the term(s) to the Profile Search Terms list.
NOTE: If you want to include a Search Term that does not display in the list, you can create a custom Search Term.
6Click [Create].
To edit a Custom Profile:
1In the Compliance Search Terms Manager page, select the Custom Profile you want to edit, then click [Edit].
2Update fields as needed, then click [Update].
Note that BuiltIn Profiles are provided by Quest and cannot be edited or deleted.
Deleting a Custom Profile
You can delete a Custom Profile only if:
·a content analysis job that uses the profile has not yet been run
AND/OR
·it is not being used by any ControlPoint Policies.
Managing Compliance Search Terms
Sensitive Content Manager includes a number of out-of-the-box BuiltIn Search Terms for use in creating Profiles. These include terms related to:
·Personal Identification Information (PII)
·Payment Card Information (PCI)
·Protected Health Information (PHI)
·General Data Protection Regulation (GDPR) compliance.
NOTE: Note that Quest continually adds Standard (BuiltIn) Search Terms, which cannot be edited or deleted.
Members of the Compliance Administrators can also create and maintain custom Search Terms to meet the organization's unique compliance needs.
To launch the Compliance Search Terms Manager page:
From the Manage panel, choose Compliance > Search Terms Maintenance.
NOTE: You can also access this page from the Compliance Profile Manager page by clicking [Create Custom Search Term].
To create custom Search Terms:
1Click [Create].
2Enter a Search Term Title and Search Term Description.
4.Enter a valid regex expression.
NOTE: Do not enter any leading or ending slashes (/)
5.To test the validity of the expression:
a)enter representative text in the Sample Text Goes Here: field.
b)Click the [Test Expression] at the bottom of the dialog.
A pop-up will display informing you that either:
§a match can be found for the text using the given regex
OR
§a match cannot be found for the text using the given regex.
To edit a custom Search Term:
1In the Compliance Search Terms Manager page, select the term that you want to edit, then click [Edit].
2Update fields as needed, then click [Update].
NOTE: Any Search Term for which the regex is not visible is a BuiltIn Term provided by Quest that cannot be edited.
Defining Compliance Action Rules
Members of the ControlPoint Compliance Administrators group can define Compliance Action rules to determine how non-compliant content should be handled, based on the severity level detected. You can also specify that one or more users be alerted via email when a Compliance Action is taken.
REMINDER: Metalogix Sensitive Content Manager version 2.0 or later must be installed in your environment and you must be a member of the ControlPoint Compliance Administrators group to use this functionality.
To access the Compliance Actions page:
Use the information in the following table to determine the appropriate action to take.
|
If you are creating ... |
Then ... |
|---|---|
|
a global set of rules independent of a particular scan job |
from the Manage panel, choose Compliance > ControlPoint Compliance Actions. |
|
a set of rules for a specific scan job that has been returned from Metalogix Sensitive Content Manager |
·From the Compliance Summary page, select the scan job to which you want to apply the rule. ·Click [Apply Compliance Actions]. |
To define Compliance Action rules:
1Enter a unique name to create a new Compliance Action, or choose an existing action from the drop-down.
WARNING: If you choose to Update Existing Compliance Actions, the changes will be applied to all scan jobs that use it going forward.
2For each of the Severity levels (Mild, Moderate, and Severe), specify the action that should be applied when a threat is detected. You can choose to have ControlPoint:
·Take No Action on non-compliant content
·Quarantine non-compliant content
·Use an Approval Workflow to address non-compliant content
·Remove non-compliant content
Note that an action must be defined for all three severity levels. You can navigate from one rule to the next via the Select actions for threat level: button.
3If you want ControlPoint to send an email alert when a specified action is taken:
a)Check the Alert Users box.
b)Click [Create New User].
c)Complete the Select Users for the user to which you want to send the alert.
NOTE: Currently, you can only select one user at a time. Repeat substeps b) and c) for each user you want to alert.
If you have chosen to have ControlPoint Quarantine an item with non-compliant content, you can also choose to have an alert sent to all members of the ControlPoint Compliance Administrators group.
If you have chosen to use an Approval Workflow, follow the instructions for "Using an Approval Workflow," following.
4When you have finished defining Compliance Rules for each Severity Level, click [Save].
Using An Approval Workflow
If you have chosen to use an Approval Workflow to address non-compliant content, after clicking the [Create New User] button:
1First, select the user who will be notified by ControlPoint to start the workflow when non-compliant content is found
2Select additional users who will be designated as approvers.
NOTE: The user you select to start the workflow must have permissions to Edit Items and approvers must have permissions to Approve Items for lists within the scope of the Compliance Action.
You can also choose to have SharePoint notify approvers
§One at a Time (Serial)
OR
·All At Once (Parallel)
3Click [Add User].
4If you want SharePoint to notify additional users when an approval workflow starts and ends:
a)Click [Create New User].
b)Select the users you want to notify.
c)Choose Notify these people when the workflow starts and ends without assigning tasks to them.
d)Click [Add User].
5For Request, enter the message that you want to be sent to users with assigned tasks.
Compliance Action Alert Email
When a Compliance Action rule includes an alert, an email, which identifies the Severity Level and action taken, is automatically sent to selected recipients.
ControlPoint Application Administrators can change the default text for the email by updating the applicable ControlPoint Configuration Setting:
·ComplianceMildLevelThreatsEmailBody
·ComplianceModerateLevelThreatsEmailBody
·ComplianceSeverLevelThreatsEmailBody
Refer to the ControlPoint Administrators Guide for details.