Policy
FortiCWP uses policies for two purposes:
- Scans and reports use policies you set to differentiate between sensitive and non-sensitive data.
- Alerts are generated depending on the policies you set.
List of policies featured on FortiCWP
|
To configure settings in policy, refer to Configure Policy. To setup notification to receive policy triggered alerts, refer to Notifications. |
Risk Assessment
FortiCWP features risk assessment to check to see if your organization's cloud platform follows the recommended best practices. When users fail to follow these best practices, FortiCWP will send you an alert. To access Risk Assessment policies, go to Policy > Risk Assessment.
Customized
FortiCWP allows you to create personalized policies to suit your organizational needs. To add a custom policy, go to Policy > Risk Assessment, and go to Customized tab. Custom policies focus on two aspects, content monitoring and activity monitoring. Content monitoring is primarily used to monitor files for sensitive data. Activity monitoring is primarily used to monitor users and user activities.
To add a customized Risk Assessment Policy, first create a code pattern.
Code Pattern
- Click on New Code in Customized tab under Code Pattern.
- Enter a Code Name.
- Copy and Paste the code pattern into the terminal.
- Press Test to test the code.
- If the code is able to run, then click Save.
Customized Risk Assessment Policy
- Click on New Policy in Customized tab under Customized Risk Assessment Policy.
- Enter Name and Description for the new policy.
- Click Severity Level drop down menu to select severity level.
- Click Code Pattern drop down menu and select the Code Pattern created earlier.
- Click Notification tab to edit notification preference.
- Click Add Policy.
Data Analysis
Data Analysis policies keep track of sensitive data. For example, if a user accesses a file containing Social Security Numbers (SSNs) and you have the SSN policy set, FortiCWP will send you an alert. To access Data Analysis, go to Policy > Data Analysis from navigation pane.
File types supported for data analysis scans
|
Compression |
File Type |
|---|---|
| Uncompressed | Microsoft Word Document (.doc, .docx) |
| Microsoft Powerpoint Document (.ppt, .pptx) | |
| Microsft Excel Document (.xls, .xlsx) | |
| Text File (.txt, .rtf) | |
|
|
Portable Document Format (.pdf) |
| Compressed .zip | .zip |
| .tar | |
| .7z | |
| .gz |
File types supported for AV (malware) scans
|
Compression |
File Type |
|---|---|
| Uncompressed | Microsoft Word Document (.doc, .docx) |
| Microsoft Powerpoint Document (.ppt, .pptx) | |
| Microsft Excel Document (.xls, .xlsx) | |
| Text File (.txt, .rtf) | |
|
|
Portable Document Format (.pdf) |
|
|
Javascript (.js) |
|
|
Windows Executable (.exe) |
| Compressed .zip | .zip |
| .tar | |
| .7z | |
| .gz |
Data Analysis policies
|
|
Data Analysis policies trigger alerts whenever a monitored file is accessed, regardless of the type of access. If you only want alerts for specific actions, set a Customized policy.
|
Identity number
| Policy Name | Description |
|---|---|
| US Social Security Policy |
FortiCWP scans for SSNs during Discovery scans, and triggers an alert when targets with SSNs are accessed. |
| CN Resident Identity Policy |
FortiCWP scans for CN resident identity numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed. |
|
Polish Social Security Number Policy |
FortiCWP scans for Polish SSNs during Discovery scans, and triggers an alert when targets with Polish SSNs are accessed. |
Credit card number
| Policy Name | Description |
|---|---|
| Visa Credit Card Policy |
FortiCWP scans for Visa credit card numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed. |
| MasterCard Policy |
FortiCWP scans for MasterCard credit card numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed. |
| American Express Policy |
FortiCWP scans for American Express credit card numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed. |
| Diners Club Card Policy | FortiCWP scans for Diners Club credit card numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed. |
| Discover Card Policy | FortiCWP scans for Discover credit card numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed. |
| JCB Policy |
FortiCWP scans for JCB credit card numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed. |
| Maestro Card Policy |
FortiCWP scans for Maestro credit card numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed. |
Driver license number
| Policy Name | Description |
|---|---|
| UK Driver License Policy | FortiCWP scans for UK driver license numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed. |
| US-FL Driver License Policy | FortiCWP scans for FL driver license numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed. |
| US-CA Driver License Policy | FortiCWP scans for CA driver license numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed. |
| CN Driver License Policy | FortiCWP scans for CN driver license numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed. |
Email address
|
Policy Name |
Description |
|---|---|
| Email Address |
Policy FortiCWP scans for email addresses during Discovery scans, and triggers an alert when targets with email addresses are accessed. |
Insurance number
|
Policy Name |
Description |
|---|---|
| CA Insurance Number Policy | FortiCWP scans for CA insurance numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed. |
| UK Insurance Number Policy | FortiCWP scans for UK insurance numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed. |
Passport number
|
Policy Name |
Description |
|---|---|
| UK Passport Number Policy | FortiCWP scans for UK passport numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed. |
| CN Passport Number Policy | FortiCWP scans for CN passport numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed. |
| USA/Germany Passport Number Policy | FortiCWP scans for USA/Germany passport numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed. |
| AU Passport Number Policy | FortiCWP scans for AU passport numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed. |
| JP Passport Number Policy | FortiCWP scans for JP passport numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed. |
| CA Passport Number Policy | FortiCWP scans for CA passport numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed. |
| FR Passport Number Policy | FortiCWP scans for FR passport numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed. |
Bank account number
|
Policy Name |
Description |
|---|---|
| China Union Pay Policy | FortiCWP scans for China Union Pay account numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed. |
| UK IBAN Policy | FortiCWP scans for UK IBANs during Discovery scans, and triggers an alert when targets with such IBANs are accessed. |
| Swiss IBAN Policy | FortiCWP scans for Swiss IBANs during Discovery scans, and triggers an alert when targets with such IBANs are accessed. |
| German IBAN Policy | FortiCWP scans for German IBANs during Discovery scans, and triggers an alert when targets with such IBANs are accessed. |
| Italian IBAN Policy | FortiCWP scans for Italian IBANs during Discovery scans, and triggers an alert when targets with such IBANs are accessed. |
| Swedish IBAN Policy | FortiCWP scans for Swedish IBANs during Discovery scans, and triggers an alert when targets with such IBANs are accessed. |
| Spanish IBAN Policy | FortiCWP scans for Spanish IBANs during Discovery scans, and triggers an alert when targets with such IBANs are accessed. |
Birthdate
|
Policy Name |
Description |
|---|---|
| Birthdate Policy | FortiCWP scans for birthdates during Discovery scans, and triggers an alert when targets with birthdates are accessed. |
Malware/Ransomware
|
Policy Name |
Description |
|---|---|
|
Ransomware Encrypted File Detection Policy |
FortiCWP scans for Ransomware Encrypted File during Discovery scans, and triggers an alert when targets are accessed.
|
Threat protection
Threat protection policies track suspicious user behavior. For example, if a user fails to enter his or her password correctly multiple times in a row and you have the Excessive Login Failures policy active, FortiCWP will send you an alert. To access Threat Protection policies, go to Policy > Threat Protection from navigation pane.
Threat protection policies
Access
|
Policy Name |
Description |
|---|---|
| Excessive Login Failures | Triggers an alert when the number of failed logins for a user exceeds a set threshold. |
| Password Change | Triggers an alert when passwords are changed. |
| Suspicious Movement | Triggers an alert when a change in a user's geographic location exceeds threshold parameters. |
Suspicious Activity
|
Policy Name |
Description |
|---|---|
| Restricted User Activity | Triggers an alert when a monitored user performs select activities. |
| Suspicious Time | Triggers an alert when there is activity outside of work hours. |
| Suspicious Location | Triggers an alert when there is activity from suspicious locations. |
Sensitive Activity
|
Policy Name |
Description |
|---|---|
| Excessive Event | Triggers an alert when selected event occurrence exceeds threshold. |
| Ransomware Behavior Detection | Triggers an alert when the directory's file(s) had been replaced. |
Network
Network policies focuses on network security protocols, including monitoring of botnet activity and inbound traffic from various internet sources such as SSH, SMTP, FTP, ports, etc. To access network policies go to Policy > Network.
Integration
Integration policies controls the import setting for the embedded alerts coming from cloud account service vendors. AWS GuardDuty, Inspector, Google Cloud Security Command Center, and Azure Security Center alerts can be turned on or off here. Please note that FortiCWP will start or stop receiving alerts from these services if they are turned on/off. To access Integration, go to Policy > Integration.
Compliance
Compliance policies track files relevant to specific regulations. For example, if a user accesses a file containing private heath information and you have the corresponding HIPAA policy set, FortiCWP will send you an alert. To access Integration, go to Policy > Compliance.
Compliance policies
SOX-COBIT
SOX-COBIT policies help your organization track and show compliance with the Sarbanes-Oxley (SOX) Act of 2002 using COBIT guidelines. Use these policies to monitor your cloud applications for SOX compliance, then use the Report feature to print a report detailing compliance specifics.
See Configure Predefined Policies for instructions and examples on setting policies.
PCI
PCI policies help your organization track and show compliance with the Payment Card Industry Data Security Standard (PCI DSS). Use these policies to monitor your cloud applications for PCI DSS compliance, then use the Report feature to print a report detailing
See Configure Predefined Policies for instructions and examples on setting policies.
HIPAA
HIPAA policies help your organization track and show compliance with the Health Insurance Portability and Accountability Act (HIPAA). Use these policies to monitor your cloud applications for HIPAA compliance, then use the Report feature to print a report detailing compliance specifics.
See Configure Predefined Policies for instructions and examples on setting policies.
GDPR
GDPR policies help your organization track and show compliance with the EU General Data protection Regulation (GDPR). Use these policies to monitor your cloud applications for GDPR compliance, then use the Report feature to print a report detailing compliance specifics. Set data pattern of the personal data to monitor in Administrator > Collection, then enable monitoring of the collection data in Compliance > GDPR.
See Configure Predefined Policies for instructions and examples on setting policies.
ISO 270001
ISO 270001 is the best-known standard in the family in providing requirements for an information security management system (ISMS). ISO 270001 policies help your organization manage the security of assets, such as financial information, intellectual property, employee details, and information entrusted to you by third parties.
See Configure Predefined Policies for instructions and examples on setting policies.
NIST 800-53 V4
NIST 800-53 V4 is the recommended security controls for federal information systems and organizations. It documents security controls for all federal information systems.
See Configure Predefined Policies for instructions and examples on setting policies.
NIST 800-171
NIST 800-171 can help to protect controlled Unclassified Information in Non-federal Information Systems and Organizations.
See Configure Predefined Policies for instructions and examples on setting policies.