6.15 Ensure a secure Data Filtering profile is applied to all security policies allowing traffic to or from the Internet

Information

Create a secure Data Filtering profile and apply it to all security policies permitting traffic to or from the Internet. The Data Filtering profile may be applied to security policies directly or through a profile group.
Rationale:
A Data Filtering profile helps prevent certain types of sensitive information from traversing an organization's Internet connection in clear text. Detecting and blocking known sensitive information is a basic protection against a data breach or data loss. Not implementing these defenses can lead to loss of regulatory accreditation (such as PCI, HIPAA etc), or can lead to legal action from injured parties or regulatory bodies.

Solution

From GUI:
Navigate to Objects > Security Profiles > Data Filtering

Create a Data Filtering Profile:
Applies to all security policies allowing traffic from Internet
Check the Shared and Data Capture boxes
Data Pattern set to CC-and-SS-Weight
Applications set to Any
File Types set to Any
Direction set to Both
Alert Threshold set to 20
Block Threshold set to 0
Configure a Data Threshold Profile to be applied to all Security Policies permitting traffic to the Internet.
Default Value:
Not Configured

See Also

https://workbench.cisecurity.org/files/1780

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-4(4), CSCv6|13.3

Plugin: Palo_Alto

Control ID: 169d0e676e590de69a02ef1eb6624ddbd73a18edb12367a79d5926446ffc2e2c