Here is a great overview of some new wave features regarding DLP Policies with Exchange 2013 that we want you to know about. (Original Source)
Microsoft Exchange provides a significant number of pre-built templates for many of the more popular compliance requirements, including HIPAA, Sarbanes-Oxley, PCI, J-SOX and many more.
Templates can be edited to meet the most stringent needs of the organization. Companies can use their own DLP policies and are also able to modify the templates to meet the specific needs of their organization.
Examples of templates included in this software:
| Template | Description |
|---|---|
| U.S. Federal Trade Commission (FTC) Consumer Rules | Helps detect the presence of information subject to U.S. Federal Trade Commission (FTC) Consumer Rules, including data like credit card numbers. |
| U.S. Financial Data | Helps detect the presence of information commonly considered to be financial information in United States, including information like credit card, account information, and debit card numbers. |
| U.S. Gramm-Leach-Bliley Act (GLBA) | Helps detect the presence of information subject to Gramm-Leach-Bliley Act (GLBA), including information like social security numbers or credit card numbers. |
| U.S. Health Insurance Act (HIPAA) | Helps detect the presence of information subject to United States Health Insurance Portability and Accountability Act (HIPAA), including data like social security numbers and health information. |
| U.S. Patriot Act | Helps detect the presence of information commonly subject to U.S. Patriot Act, including information like credit card numbers or tax identification numbers. |
| U.S. Personally Identifiable Information (PII) Data | Helps detect the presence of information commonly considered to be personally identifiable information (PII) in the United States, including information like social security numbers or driver’s license numbers. |
| U.S. State Breach Notification Laws | Helps detect the presence of information subject to U.S. State Breach Notification Laws, including data like social security and credit card numbers. |
| U.S. State Social Security Number Confidentiality Laws | Helps detect the presence of information subject to U.S. State Social Security Number Confidentiality Laws, including data like social security numbers. |
To see additional DLP policy templates for Australia, Canada, France, Germany, Israel, United Kingdom, Japan and Saudi Arabia, click here.
What do you need to know before you begin?
- Estimated time to complete each procedure: 15-60 minutes
- You need to be assigned permissions before you can perform this procedure or procedures.
- To see what permissions you need, see the “Data loss prevention (DLP)” entry in the Messaging Policy and Compliance Permissions topic.
For any DLP policy, you can select one of three modes:
- Enforce: Rules within the policy are evaluated for all messages and supported file types. Mail flow can be disrupted if data is detected that meets the conditions of the policy. All actions described within the policy are taken.
- Test DLP policy with Policy Tips: Rules within the policy are evaluated for all messages and supported file types. Mail flow will not be disrupted if data is detected that meets the conditions of the policy. That is, messages are not blocked. If Policy Tips are configured, they are shown to users.
- Test DLP policy without Policy Tips: Rules within the policy are evaluated for all messages and supported file types. Mail flow will not be disrupted if data is detected that meets the conditions of the policy. That is, messages are not blocked. If Policy Tips are configured, they are not shown to users.
An individual rule within a DLP policy can have its own mode settings. When the mode of a policy is different than the mode of a rule within that policy, the rule setting has priority and will be evaluated according to its mode.
For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard Shortcuts in the Exchange Admin Center.
Note: In addition to the rules within a specific template, your organization may have additional expectations or company policies that apply to regulated data within your messaging environment. Exchange 2013 makes it easy for you to change the basic template in order to add actions so that your Exchange messaging environment complies with your own requirements.
- You can modify policies by editing the rules within them once the policy has been saved in your Exchange 2013 environment. An example rule change might include making specific people exempt from a policy or sending a notice and blocking message delivery if a message is found to have sensitive content. For more information about editing policies and rules, see Manage DLP Policies.
- You have to navigate to the specific policy’s rule set on the Edit DLP policy page and use the tools available on that page in order to change a DLP policy you have already created in Exchange 2013.
- Some policies allow the addition of rules that invoke RMS for messages. You must have RMS configured on the Exchange server before adding the actions to make use of these types of rules.
- For any of the DLP policies, you can change the rules, actions, exceptions, enforcement time period or whether other rules within the policy are enforced and you can add your own custom conditions for each.
Lastly, some words of caution:
You should enable your DLP policies in test mode before running them in your production environment. During such tests, it is recommended that you configure sample user mailboxes and send test messages that invoke your test policies in order to confirm the results.
Use of these policies does not ensure compliance with any regulation. After your testing is complete, make the necessary configuration changes in Exchange so the transmission of information complies with your organization’s policies. For example, you might need to configure TLS with known business partners or add more restrictive transport rule actions, such as adding rights protection to messages that contain a certain type of data.
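The test-first rollout recommended above, combined with the three policy modes and the rule-over-policy precedence described earlier, can be scripted in the Exchange Management Shell. This is an added example, not part of the original article: the policy name and the helper function `Get-DlpRuleModeMismatch` are hypothetical, and the template name is taken from the table above.

```powershell
# Added example for Exchange 2013 (Exchange Management Shell).
# $policyName and Get-DlpRuleModeMismatch are names invented for this example.
$policyName = 'Financial Data (pilot)'

# -Mode values and the mode labels used in this article:
#   Audit          = Test DLP policy without Policy Tips
#   AuditAndNotify = Test DLP policy with Policy Tips
#   Enforce        = Enforce

# 1. Create the policy from a built-in template in test mode, so mail flow
#    is not disrupted while test messages are sent from sample mailboxes.
New-DlpPolicy -Name $policyName -Template 'U.S. Financial Data' -Mode AuditAndNotify

# 2. Report every rule whose own mode differs from its parent policy's mode.
#    The rule setting has priority, so an Enforce rule inside a test-mode
#    policy still acts on mail, and an Audit rule inside an Enforce policy
#    silently does not block anything.
function Get-DlpRuleModeMismatch {
    Get-DlpPolicy | ForEach-Object {
        $policy = $_
        Get-TransportRule -DlpPolicy $policy.Name |
            Where-Object { "$($_.Mode)" -ne "$($policy.Mode)" } |
            Select-Object @{ n = 'Policy';     e = { $policy.Name } },
                          @{ n = 'PolicyMode'; e = { $policy.Mode } },
                          @{ n = 'Rule';       e = { $_.Name } },
                          @{ n = 'RuleMode';   e = { $_.Mode } },
                          State
    }
}
Get-DlpRuleModeMismatch | Format-Table -AutoSize

# 3. Once the test results are confirmed, move the policy to Enforce and
#    re-run the report to catch rules that are still in a test mode.
Set-DlpPolicy -Identity $policyName -Mode Enforce
Get-DlpRuleModeMismatch | Format-Table -AutoSize
```

An empty report after step 3 means every rule follows its policy's mode; any row that remains is a rule-level override to review before relying on the policy in production.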