Compliance Templates

Compliance templates combine data identifiers and operators (And, Or) in condition statements to tag and detect sensitive content. A Data Loss Prevention policy action triggers when a data set matches condition criteria. For example, a file containing data matching the "All: Names from US Census Bureau AND US: HICN (Health Insurance Claim Number)" templates, triggers the HIPAA policy.

Out-of-the-box templates for regulatory compliance initiatives include GLBA, PCI-DSS, SB-1386, US PII, and HIPAA. Companies can also create custom templates or modify existing templates to suit business requirements. Companies that have pre-existing, user-defined templates can import and export templates to maintain policy consistency throughout their organization.

Create company-specific templates after configuring data identifiers or use the predefined templates.

Predefined Compliance Templates

Cloud App Security comes with a set of predefined templates that you can use to comply with various regulatory standards. You cannot modify or delete predefined templates.

For a detailed list on the purposes of all predefined templates, and examples of data being protected, see the Data Protection Lists document at Learn about Data Loss Prevention predefined compliance templates.

Adding Compliance Templates

Compliance templates define the sensitive data in your organization using keyword lists and expressions. Define templates to protect sensitive information specific to your business.

Note:

Use a predefined compliance template as a base for the new compliance template by selecting the template and clicking Copy. This creates a new template with the prefix "Copy of" in its name.

  1. Go to Data Loss Prevention > Compliance Templates.
  2. Click Add.
    Note:

    Optionally click Import to import compliance templates from other Trend Micro products.

    Note the following:

    • Each template contains a unique ID value. If a template with the same ID already exists, Cloud App Security overwrites the existing template. If a template with the same display name already exists, Cloud App Security appends a time stamp suffix to the new template before adding it to the list.

    • Template files save in .xml format.

  3. Specify compliance template settings.
    Option Description

    Basic Properties

    Specify basic settings.

    Rule Definitions

    Use the plus or minus icons to add or remove keyword list and expression conditions, then click Add.

    Note:

    When adding Expressions criteria, type the number of Occurrences necessary for the template to trigger. This value designates the number of times an expression must be present in a file (email message, attachment) before Cloud App Security triggers an action.

    Template Rules

    Confirm the keyword list and expressions conditions. When adding multiple conditions, select the And or Or operator from the drop-down box beside the template.

  4. Click Save.