Fortinet black logo

Online Help

Home FortiCASB 21.1.0 Online Help

PCI - Retention Violation for Cardholder Data

21.1.0
24.1.b
24.1.a
23.4.a
23.3.a
23.2.b
23.2.a
23.1.0
22.4.0
21.4.0
21.2.0
21.1.0
20.4.1
20.4.0
20.3.0
20.2.0
20.1.0
4.2.0
4.1.0
2.1.0
Copy Link
Copy Doc ID 6214e17c-9e13-11eb-b70b-00505692583a:142334

PCI - Retention Violation for Cardholder Data

Description

Check if the designated cloud storage data has exceeded the retention time set by the cardholder. The cardholder is able to set the cloud storage file path with the designated retention time.

Policy Configuration

Follow the steps below to enable and configure the policy

  1. Click on any Cloud Account drop down menu from FortiCASB dashboard, e.g. Salesforce, Office365, etc.
  2. Click on Policy drop down menu and select Compliance, then select PCI-DSS tab.
  3. Locate PCI - Retention Violation for Cardholder Data and click on the right arrow key > button to expand the policy.
  4. Click on General tab, click Status toggle switch button to enable the policy.

  5. Click on Severity level drop down menu to select the severity level (Critical, Alert, Warning, Information).

    6. Note: this policy only generates data in Compliance Report.

  6. Click Context tab to configure settings.

  7. In File Path Regex, enter a valid Regex of the target file path for the storage data under the retention restriction. Here are examples of file path Regex:
    1. ".*" targets all files in the cloud account.
    2. "^(?:[\w]\:|\\)(\\[a-z_\-\s0-9\.]+)+\.(txt|gif|pdf|doc|docx|xls|xlsx)$" targets files begin with x:\ or \\ with files ending in the following types of extensions: txt, gif, pdf, doc, docx, xls, xlsx. Here are the file paths that will this file path Regex matches:
      1. \\192.168.0.1\folder\file.pdf
      2. c:\my folder\abc abc.docx

    Reference:

    https://www.codeproject.com/Tips/216238/Regular-Expression-to-Validate-File-Path-and-Exten

  8. In Retention Time (day), enter the number of days as the retention time for the cloud storage data.
  9. In Data Patterns, click on the field and select the data patterns (financial, personal identity information, etc.) that shall be under the retention restriction.
  10. Click Save to upgrade the configuration.

After the policy is enabled and configured, when the targeted data exceeded the maximum retention time, Compliance report will record retention violation generated , for more details, please see Compliance Report.

Previous
Next

PCI - Retention Violation for Cardholder Data

Description

Check if the designated cloud storage data has exceeded the retention time set by the cardholder. The cardholder is able to set the cloud storage file path with the designated retention time.

Policy Configuration

Follow the steps below to enable and configure the policy

  1. Click on any Cloud Account drop down menu from FortiCASB dashboard, e.g. Salesforce, Office365, etc.
  2. Click on Policy drop down menu and select Compliance, then select PCI-DSS tab.
  3. Locate PCI - Retention Violation for Cardholder Data and click on the right arrow key > button to expand the policy.
  4. Click on General tab, click Status toggle switch button to enable the policy.

  5. Click on Severity level drop down menu to select the severity level (Critical, Alert, Warning, Information).

    6. Note: this policy only generates data in Compliance Report.

  6. Click Context tab to configure settings.

  7. In File Path Regex, enter a valid Regex of the target file path for the storage data under the retention restriction. Here are examples of file path Regex:
    1. ".*" targets all files in the cloud account.
    2. "^(?:[\w]\:|\\)(\\[a-z_\-\s0-9\.]+)+\.(txt|gif|pdf|doc|docx|xls|xlsx)$" targets files begin with x:\ or \\ with files ending in the following types of extensions: txt, gif, pdf, doc, docx, xls, xlsx. Here are the file paths that will this file path Regex matches:
      1. \\192.168.0.1\folder\file.pdf
      2. c:\my folder\abc abc.docx

    Reference:

    https://www.codeproject.com/Tips/216238/Regular-Expression-to-Validate-File-Path-and-Exten

  8. In Retention Time (day), enter the number of days as the retention time for the cloud storage data.
  9. In Data Patterns, click on the field and select the data patterns (financial, personal identity information, etc.) that shall be under the retention restriction.
  10. Click Save to upgrade the configuration.

After the policy is enabled and configured, when the targeted data exceeded the maximum retention time, Compliance report will record retention violation generated , for more details, please see Compliance Report.

Previous
Next