6.14 Ensure alerting after a threshold of credit card or Social Security numbers is detected is enabled - Data Object

Information

This guideline is highly specific to an organization. While blocking of credit card or Social Security numbers will not occur with the recommended settings below, careful tuning is also recommended.
Configure a Data Pattern with the following values:
CC# - 10
SSN# - 20
SSN# (without dash) 1
Rationale:
Credit card and Social Security numbers are sensitive, and should never traverse an organizations Internet connection in clear text. Passing sensitive data within an organization should also be avoided whenever possible. Detecting and blocking known sensitive information is a basic protection against a data breach or data loss. Not implementing these defenses can lead to loss of regulatory accreditation (such as PCI, HIPAA etc), or can lead to legal action from injured parties or regulatory bodies.

Solution

From GUI:
Navigate to Objects > Security Profiles > Data Patterns.
Create an appropriate Data Pattern with CC# set to 10, SSN# set to 20, and SSN# (without dash) set to 1.
Navigate to Objects > Security Profiles > Data Filtering.
Create an appropriate Data Filtering Profile: Data Pattern: CC-and-SS-Weight Applications: ANY File Types: ANY Direction: Both Alert Threshold: 20 Block Threshold: 0
Default Value:
Not Configured

See Also

https://workbench.cisecurity.org/files/2104

Item Details

Category: SECURITY ASSESSMENT AND AUTHORIZATION

References: 800-53|CA-7, CSCv6|13.3, CSCv7|13.3

Plugin: Palo_Alto

Control ID: 2c32d3f3a17eec477e6855100ab63dc71641c02e625d6bd24058fce6b3cfd761