6.14 Ensure alerting after a threshold of credit card or Social Security numbers is detected is enabled - Data Filtering Profile

Information

This guideline is highly specific to an organization. While blocking of credit card or Social Security numbers will not occur with the recommended settings below, careful tuning is also recommended.
Configure a Data Pattern with the following values:
CC# - 10
SSN# - 20
SSN# (without dash) - 1
Rationale:
Credit card and Social Security numbers are sensitive, and should never traverse an organization's Internet connection in clear text. Passing sensitive data within an organization should also be avoided whenever possible. Detecting and blocking known sensitive information is a basic protection against a data breach or data loss. Not implementing these defenses can lead to loss of regulatory accreditation (such as PCI, HIPAA etc), or can lead to legal action from injured parties or regulatory bodies.

Solution

From GUI:
Navigate to Objects > Security Profiles > Data Patterns
Create an appropriate Data Pattern with CC# set to 10, SSN# set to 20, and SSN# (without dash) set to 1.

Navigate to Objects > Security Profiles > Data Filtering
Create an appropriate Data Filtering Profile:
Data Pattern: CC-and-SS-Weight
Applications: ANY
File Types: ANY
Direction: Both
Alert Threshold: 20
Block Threshold: 0
Default Value:
Not Configured

See Also

https://workbench.cisecurity.org/files/1780

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-4(4), CSCv6|13.3

Plugin: Palo_Alto

Control ID: a995965e0fd8dab5fb3fcf35b554c2fa573198d5f97b1631f2c5aeead3c22e0b