Only individuals who have been added to the following group(s) in the ControlPoint Configuration Site will be permitted to perform Compliance actions:
·ControlPoint Compliance Administrators - Individuals permitted to access ControlPoint Compliance functionality.
·ControlPoint Quarantine Administrators - Individuals permitted to manage quarantined content.
Currently, members of the Quarantine Administators group must
§be a Site Collection Administrator for each site collection containing quarantined content (in order to invoke the Manage Quarantine Documents page from the SharePoint Hierarchy)
§also be a member of the Compliance Administrators Group.
It is important to note that Sensitive Content Manager functionality is not available to users who are also members of the Business Administrators group.
The first time a member of the ControlPoint Compliance Administrators group invokes ControlPoint Compliance functionality, that user will be prompted to register with Sensitive Content Manager. You can enter an email address and password of your choice for the on-premises version of Sensitive Content Manager.
NOTE: Registration for Metalogix Cloud Services is no longer a valid option.
IMPORTANT: Compliance endpoints must have been set by the ControlPoint Application Administrator before a Registration can be performed. If endpoints have not been set, an error is thrown when an attempt is made to register.
Once registration has been completed, members of the ControlPoint Compliance Administrators group can begin to use ControlPoint with Sensitive Content Manager.
Sensitive Content User Maintenance functionality can be used by members of the ControlPoint Compliance Administrators group to register or delete other Sensitive Content Manager users, as an alternative to having users self-register.
To launch the Sensitive Content Manager User Maintenance page:
From the Manage panel, choose Compliance > User Maintenance.
The Sensitive Content User Maintenance page uses Auth Tokens to connect to Sensitive Content Manager, as well as Refresh tokens to prevent Auth tokens from expiring. Under normal circumstances, Auth tokens are auto-refreshed hourly and should never expire. Therefore, the [Refresh] option should only be only with guidance from Quest Support.
To register Sensitive Content Manger users:
1Click [Register] to display the Select Users dialog.
2Enter the user account that you want to register.
NOTE: You can only register one user at a time, and the user you want to register must have a valid email address.
3Click [Add] to add the user and display the Metalogix Sensitive Content Manager Registration dialog.
5Complete Steps 1-4 for each user you want to register.
NOTE: Make sure that all registered users are also members of the ControlPoint Compliance Administrators group but are not also members of the Business Administrators group.
To "unregister" Sensitive Content Manager users:
1Use the check box(es) to select the user(s) you want to unregister.
NOTE: Unless you remove the unregistered users from the ControlPoint Compliance Administrators group, they will continue to be prompted to register whenever Sensitive Content Manager functionality is invoked
A Sensitive Content Manager Profile is a named collection of content search and analysis guidelines. SCM includes a number of "Standard" Profiles for detecting Sensitive Content, which include:
·Personally Identifiable Information (PII)
·Protected Health Information (PHI)
·Payment Card Industry (PCI)
·General Data Protection Regulation (GDPR) compliance.
NOTE: Quest continually adds new Standard Profiles, which cannot be modified or deleted.
Members of the ControlPoint Compliance Administrators group can also create and manage custom Profiles by defining content search and analysis guidelines to use, as an organization's file analysis criteria may differ from those used in Standard Profiles. For example, you may want to create a custom Profile to group and weight a different subset of the predefined Search Terms, add custom Search Terms for sensitive data types, or analyze data that falls outside "standard" Profile definitions.
Sensitive Content Manager Profile Components
Sensitive Content Manager Profiles consist of the components described in the following table.
A word or any simple or complex alphanumeric pattern that represents sensitive information in a document.
For example, in the PII Profile, these Search Terms are the personal identifiable information like a person's name, date of birth, financial account numbers, address, email address, etc.
Each content search uses a set of Search Terms in a Profile.
Regular Expression (Regex)
The search syntax for a Search Term.
The analysis engine matches the file contents with a Search Term based on the regex syntax specified in the Profile. You can define new Profiles that use the Standard Search Terms, or create Search Terms based on custom expressions.
NOTE: Regular expressions for the predefined search terms are internally defined in the Search Term, and cannot be modified because they are not standalone regular expressions.
The degree of severity of a possible content match for a specific Profile.
That weight factor combined with the number of content matches encountered during an analysis job.
File scores are calculated during a file analysis to determine the overall severity level of a document