Egnyte Built-In Classification Policy Criteria


Egnyte Secure & Govern offers several built-in classification policies and patterns that are targeted toward compliance with data security and privacy standards in several regional jurisdictions. An overview of all available policies can be found in this article. Detailed policy-matching criteria for some specific policies and patterns can be found below.


Specific Classification Policy Criteria 

Architecture, Engineering & Construction

Building Safety Act

Searches for keywords that relate to the UK Building Safety Act. Examples include Building Control, Fire Safety, Emergency Exit.

Finance

GLBA: Gramm-Leach-Bliley Financial Modernization Act Policy

Egnyte GLBA Narrow Version

To match the Narrow Version, an object must contain the following:

  • Social Security Number (US)
  • In addition to SSN, a match to at least one of the following:
    • Registered Investment Advisors (RIAs)
    • US Bank names
    • Bank account number (US)
    • Credit/debit card number
    • MagStripe Track

Egnyte GLBA Broad Version

Policy criteria: To match the Broad Version, an object must match any of the Personally Identifiable Information (PII) of the US, which includes:

  • Social Security Number (US)
  • Drivers License Number (US)
  • VISA Number (US), and any other pattern added in the future for the US under the PII tag
  • Passport Number

In addition to the above, a match to at least one of the following:

  • Registered Investment Advisors (RIAs)
  • US Bank names
  • Bank account number (US)
  • Credit/debit card number
  • MagStripe Track
  • At least two Personal Finance terms

PCI-DSS: Payment Card Industry Data Security Standard Policy

Policy criteria: To match the PCI-DSS Policy, an object must contain Payment Information, which includes any of the following:

  • Credit/Debit Card Number
  • MagStripe Track

SOX: Sarbanes-Oxley Act Policy

Policy criteria: To match the SOX Policy, an object must contain at least one of the following:

  • Corporate Information of US and the Securities and Exchange Commission (SEC) Fair Disclosure forms. Corporate Information includes
    • IRS Employer Identification Number (US)
    • National Provider Identifier (NPI) number (US)
    • DEA Registration Number
    • IRS Employer Identification Number of US with at least five unique terms from Common Financial Statement Terms
    • At least ten unique Common Financial Statement Terms

General Privacy

CCPA: California Consumer Privacy Act Policy

Egnyte CCPA Narrow Version

To match the Narrow Version, an object must contain the following:

  1. A match to any of the following patterns only if a person's name is found within 200 characters of the matched content
    • Social Security Number
    • Drivers License Number (US)
    • VISA Number (US)
    • MagStripe track
    • Credit/debit card number
    • Bank account number (US)
    • Health Insurance Claim Number (US)

Egnyte CCPA Broad Version

Policy criteria: To match the Broad Version, an object must contain at least one of the following:

  • A match to any of the following patterns only if a person's name is found within 200 characters of the matched content
    • Social Security Number
    • Drivers License Number (US)
    • VISA Number (US)
    • MagStripe track
    • Credit/debit card number
    • Bank account number (US)
    • Health Insurance Claim Number (US)
  • A match to any of the following patterns only if a privacy policy keyword is found within 200 characters of the matched content:
    • Email address

GDPR: General Data Protection Regulation Policy

Egnyte GDPR Narrow Version

Policy Criteria: To match the Narrow Version, an object must contain at least one of the following:

  • Any Personally Identifiable Information (PII) of the EU, which includes:
    • EU countries Driver's License Number
    • EU countries National Identifiers Number, and any other pattern added in the future for the EU under the PII tag
    • Passport Number
  • Any Banking Information (PIFI) of the EU, which includes:
    • EU countries IBAN number
    • EU bank identifiers and bank account number
    • EU countries Single Euro Payments Area (SEPA) number
    • EU countries VAT number, and any other pattern added in the future for the EU under the PIFI tag
  • Any Personal Health Information (PHI) of the EU, which includes:
    • Personal Health Identifiers of supported EU countries, and any other pattern added in the future for the EU under the PHI tag

Egnyte GDPR Broad Version

Policy Criteria: To match the Broad Version, an object must contain Partially Personal Information (PPI), but only if a person's name is found within 200 characters of the matched content, which includes:

  • EU Postal Address
  • EU Telephone Number, and any other pattern added in the future for the EU under the PPI tag
  • Email Address
  • Date of Birth
  • IP Address
  • WebLog
  • Any of Personally Identifiable Information (PII) of the EU, which includes:
    • EU countries Driver's License Number
    • EU countries National Identifiers Number, and any other pattern added in the future for the EU under the PII tag
    • Passport Number
  • Any of Banking Information (PIFI) of the EU, which includes:
    • EU countries IBAN number
    • EU bank identifiers and bank account number
    • EU countries Single Euro Payments Area (SEPA) number
    • EU countries VAT number, and any other pattern added in the future for the EU under the PIFI tag
  • Any of Personal Health Information (PHI) of the EU, which includes:
    • Personal Health Identifiers of supported EU countries, and any other pattern added in the future for the EU under the PHI tag

Government & Defense

CUI: Controlled Unclassified Information

Egnyte CUI Narrow Version

To match the narrow CUI policy, an object must contain a match to at least one of the following (based on the category marking list).

General rules for markings:

  • Markings are mostly UPPERCASE letters with some hyphen characters and spaces - dissemination controls (see below) may contain lowercase characters.
  • Markings are split into portions which are separated by '//' and '/'.
  • There is a defined set of values for markings - note that the sets of possible values are CASE SENSITIVE.

Marking makeup:

  • Markings always begin with CONTROLLED or CUI (the two are interchangeable).
  • Optionally, after CONTROLLED or CUI: // followed by one or more category markings. Multiple category markings are separated by a single forward slash (/).
  • Optionally, after the category markings: // followed by one or more dissemination controls. Multiple dissemination controls are separated by a single forward slash (/).

Valid examples (note that all of the following would appear in the header of all documents that meet CUI):

  • CUI (Basic marking, no category marking)
  • CONTROLLED (alternative basic marking, no category marking)
  • CUI//PERS/ (Single category marking)
  • CUI//SP-PERS/SP-SUB (Multiple category markings)
  • CUI//PERS//NOFORN (single category, single dissemination control)
  • CUI//SP-PERS/SP-SUB//NOFORN/NOCON (multiple categories, multiple dissemination controls)
  • CONTROLLED//SP-PERS//REL TO [USA, AUS, CAN]  (single category, single dissemination control with country codes)
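
The marking rules above can be checked with a small strict parser. This is an added example, not Egnyte's code: the allowlists hold only the values that appear in the examples on this page, and the `REL TO [...]` shape is assumed from the single example given.

```python
import re

# Value sets built only from the examples on this page (constructed allowlist);
# the real category and dissemination lists are larger and not reproduced here.
BANNERS = {"CUI", "CONTROLLED"}
CATEGORIES = {"PERS", "SP-PERS", "SP-SUB"}
CONTROLS = {"NOFORN", "NOCON"}
# Shape of "REL TO [USA, AUS, CAN]" assumed from the single example on the page.
REL_TO = re.compile(r"REL TO \[[A-Z]{3}(?:, [A-Z]{3})*\]")


def parse_cui_marking(line):
    """Split a banner line into (banner, categories, controls).

    Raises ValueError when a portion is empty or not in the allowed sets.
    Comparisons are exact, so 'cui' or 'noforn' are rejected (case sensitive).
    """
    portions = line.strip().split("//")
    if len(portions) > 3:
        raise ValueError("too many '//' separated portions")
    banner = portions[0]
    if banner not in BANNERS:
        raise ValueError(f"banner must be CUI or CONTROLLED, got {banner!r}")
    # Second portion is always read as categories, third as dissemination controls.
    categories = portions[1].split("/") if len(portions) > 1 else []
    controls = portions[2].split("/") if len(portions) > 2 else []
    for cat in categories:
        if cat not in CATEGORIES:
            raise ValueError(f"empty or unknown category marking {cat!r}")
    for ctl in controls:
        if ctl not in CONTROLS and not REL_TO.fullmatch(ctl):
            raise ValueError(f"empty or unknown dissemination control {ctl!r}")
    return banner, categories, controls


def is_valid_marking(line):
    """True when the line parses under the rules above."""
    try:
        parse_cui_marking(line)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for sample in ["CUI", "CUI//SP-PERS/SP-SUB//NOFORN/NOCON",
                   "CONTROLLED//SP-PERS//REL TO [USA, AUS, CAN]",
                   "cui//PERS", "CUI//PERS//noforn", "CUI//PERS/"]:
        print(f"{sample!r:50} valid={is_valid_marking(sample)}")
```

Under this strict reading an empty portion is invalid, so a banner that ends in a stray `/` or `//` does not validate.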

Egnyte CUI Broad Version

The broad version of the CUI policy will search for content that could constitute CUI based on keywords in the content and CUI banner markings listed in the Narrow version.

ITAR: International Traffic in Arms Regulations

Policy criteria: To match the ITAR policy, an object must contain a match to at least one of the following:

Healthcare

HIPAA: Health Insurance Portability and Accountability Act

Egnyte HIPAA Narrow Version

Policy Criteria: To match the Narrow Version, an object must contain:

  1. Any of the following:
    • Social Security Number (US)
    • Health Insurance Claim Number
  2. In addition to #1 above, a match to at least one of the following within 200 characters of the above match:
    • ICD-10 Codes
    • ICD-10 Ailments Narrow version
    • ICD-10 PCS Codes
    • ICD-10 PCS Procedures
    • CPT Codes
    • CPT Procedures Narrow version
    • National Provider Identifier (NPI) number
    • DEA Registration Number
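
A sketch of the two-part proximity rule above, useful for building test documents that should or should not trigger the policy. This is an added example, not Egnyte's implementation: the SSN and ICD-10 regexes and the edge-to-edge way of measuring the 200 characters are assumptions, and the sample texts are constructed.

```python
import re

# Assumed detector shapes (not Egnyte's): a dashed US SSN and an ICD-10-style code.
SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
ICD10 = re.compile(r"\b[A-Z]\d[0-9A-Z](?:\.[0-9A-Z]{1,4})?\b")
WINDOW = 200  # characters, from the policy text


def gap(a, b):
    """Characters between two (start, end) spans; 0 if they touch or overlap.

    Assumption: distance is measured between the nearest edges of the matches.
    """
    return max(0, max(a[0], b[0]) - min(a[1], b[1]))


def hipaa_narrow_hits(text, window=WINDOW):
    """Return (identifier, medical_code, distance) for every pair within the window."""
    ids = [m.span() for m in SSN.finditer(text)]
    codes = [m.span() for m in ICD10.finditer(text)]
    hits = []
    for i in ids:
        for c in codes:
            d = gap(i, c)
            if d <= window:
                hits.append((text[i[0]:i[1]], text[c[0]:c[1]], d))
    return hits


# Constructed sample inputs: the same two values, close together and far apart.
NEAR = "Patient SSN 123-45-6789, diagnosis E11.9 recorded."
FAR = "123-45-6789 " + "lorem " * 50 + "E11.9"

if __name__ == "__main__":
    print("near:", hipaa_narrow_hits(NEAR))
    print("far: ", hipaa_narrow_hits(FAR))
```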

Egnyte HIPAA Broad Version

Policy Criteria: To match the Broad Version, an object must contain one identifier from each of the following lists:

  1. Personally Identifiable Information (PII) or Personal Health Information (PHI) of the US, which includes:
    • Person Name
    • Postal Address (US)
    • Date of Birth
    • Telephone/Fax Number (US)
    • Email address
    • Social Security Number (US)
    • Bank Account Number
    • VIN Number (US)
    • IP Addresses
  2. Medical terminology in one of the following categories:
    • ICD-10 Codes
    • ICD-10 Ailments
    • ICD PCS Codes
    • ICD PCS Procedures
    • CPT Codes
    • CPT Procedures
    • National Provider Identifier (NPI) number
    • DEA Registration Number
    • CMS Forms
    • Proprietary and generic names of drugs approved by the US FDA

Other Policies

Encryption keys and API secrets

Detects API keys and web secrets from top industry vendors. Examples include: AmazonAWSAccessKey, GoogleAPIKey, RSAKey, PGPKey.


Sensitive Content Patterns

Pattern Definitions

Corporate

Confidential document markers

Documents are identified based on keywords that indicate confidentiality in documents. Examples include Confidential, Privileged, Secret.

Financial

Common Financial Statement Terms

Documents are identified based on keywords that are common in financial statements. Examples include Accounts Payable, Dividend Income, Gross Profit.

Registered Investment Advisors

Documents identified as including registered investment advisors based on the SEC list.

Personal Finance Terms

Documents are identified based on keywords that are common in personal finance. Examples include Account Number, Cardholder, Home Equity.

Document Types

Document Classes

Classes trained on industry standards and customer-provided documents of similar types

AEC

Classes trained on Architecture, Engineering, and Construction industry-standard formats and customer-provided documents of similar types.

Healthcare

  • CMS forms: documents matching specific CMS forms. The forms identified are:

      • CMS-1500
      • CMS-1450
      • CMS-1490
      • CMS-4040
      • CMS-L564
      • CMS-R285
      • CMS-40B
      • CMS-10036
      • CMS-10106
      • CMS-10114
      • CMS-10125
      • CMS-10126
      • CMS-10269
      • CMS-10287
      • CMS-1696
      • CMS-1771
      • CMS-1980
      • CMS-20027
      • CMS-2628
      • CMS-20031
      • CMS-2728

Personal

Fannie Mae 1003 Mortgage Application - Uniform Residential Loan Application used by lenders to obtain personal financial information from borrowers.

Credit Report Forms - Documents related to the Fair Credit Reporting Act. Keywords include Credit Score, Financial Statement, and Public Records.

Corporate

Merger & Acquisition documents

M&A Documents: Common terms associated with documents such as Merger Agreements, Asset Purchase Agreements, Letters of Intent

SEC Fair Disclosure Forms

SEC forms identified are 6-K, 8-A, 8-K, Form 10, 10-D, 11-K, 13-F, 20-F, CB, 40-F, SCI, S-1, S-11, Form 144, Form 10-K, Form 10-Q
