Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Online Help

    Home FortiCWP 4.4.0 Online Help
    4.4.0
    22.2.a
    22.1.0
    21.3.0
    21.2.1
    21.2.0
    21.1.0
    20.3.0
    20.2.0
    20.1.0
    4.4.0
    4.2.0

    Policy

    Policy

    FortiCWP uses policies for two purposes:

    • Scans and reports use policies you set to differentiate between sensitive and non-sensitive data.
    • Alerts are generated depending on the policies you set.

    List of policies featured on FortiCWP

    To configure settings in policy, refer to Configure Policy.

    To setup notification to receive policy triggered alerts, refer to Notifications.

    Risk Assessment

    FortiCWP features risk assessment to check to see if your organization's cloud platform follows the recommended best practices. When users fail to follow these best practices, FortiCWP will send you an alert. To access Risk Assessment policies, go to Policy > Risk Assessment.

    Customized

    FortiCWP allows you to create personalized policies to suit your organizational needs. To add a custom policy, go to Policy > Risk Assessment, and go to Customized tab. Custom policies focus on two aspects, content monitoring and activity monitoring. Content monitoring is primarily used to monitor files for sensitive data. Activity monitoring is primarily used to monitor users and user activities.

    To add a customized Risk Assessment Policy, first create a code pattern.

    Code Pattern

    1. Click on New Code in Customized tab under Code Pattern.
    2. Enter a Code Name.
    3. Copy and Paste the code pattern into the terminal.
    4. Press Test to test the code.
    5. If the code is able to run, then click Save.

    Customized Risk Assessment Policy

    1. Click on New Policy in Customized tab under Customized Risk Assessment Policy.
    2. Enter Name and Description for the new policy.
    3. Click Severity Level drop down menu to select severity level.
    4. Click Code Pattern drop down menu and select the Code Pattern created earlier.
    5. Click Notification tab to edit notification preference.
    6. Click Add Policy.

    Data Analysis

    Data Analysis policies keep track of sensitive data. For example, if a user accesses a file containing Social Security Numbers (SSNs) and you have the SSN policy set, FortiCWP will send you an alert. To access Data Analysis, go to Policy > Data Analysis from navigation pane.

    File types supported for data analysis scans

    Compression

    File Type
    Uncompressed Microsoft Word Document (.doc, .docx)
    Microsoft Powerpoint Document (.ppt, .pptx)
    Microsft Excel Document (.xls, .xlsx)
    Text File (.txt, .rtf)

    Portable Document Format (.pdf)
    Compressed .zip .zip
    .tar
    .7z
    .gz

    File types supported for AV (malware) scans

    Compression

    File Type
    Uncompressed Microsoft Word Document (.doc, .docx)
    Microsoft Powerpoint Document (.ppt, .pptx)
    Microsft Excel Document (.xls, .xlsx)
    Text File (.txt, .rtf)

    Portable Document Format (.pdf)

    Javascript (.js)

    Windows Executable (.exe)
    Compressed .zip .zip
    .tar
    .7z
    .gz

    Data Analysis policies

    Data Analysis policies trigger alerts whenever a monitored file is accessed, regardless of the type of access. If you only want alerts for specific actions, set a Customized policy.
    Identity number
    Policy Name Description
    US Social Security Policy

    FortiCWP scans for SSNs during Discovery scans, and triggers an alert when targets with SSNs are accessed.
    CN Resident Identity Policy

    FortiCWP scans for CN resident identity numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.

    Polish Social Security Number Policy

    FortiCWP scans for Polish SSNs during Discovery scans, and triggers an alert when targets with Polish SSNs are accessed.

    Credit card number
    Policy Name Description
    Visa Credit Card Policy

    FortiCWP scans for Visa credit card numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    MasterCard Policy

    FortiCWP scans for MasterCard credit card numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    American Express Policy

    FortiCWP scans for American Express credit card numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    Diners Club Card Policy FortiCWP scans for Diners Club credit card numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    Discover Card Policy FortiCWP scans for Discover credit card numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    JCB Policy

    FortiCWP scans for JCB credit card numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    Maestro Card Policy

    FortiCWP scans for Maestro credit card numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.

    Driver license number
    Policy Name Description
    UK Driver License Policy FortiCWP scans for UK driver license numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    US-FL Driver License Policy FortiCWP scans for FL driver license numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    US-CA Driver License Policy FortiCWP scans for CA driver license numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    CN Driver License Policy FortiCWP scans for CN driver license numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    Email address

    Policy Name

    Description
    Email Address

    Policy FortiCWP scans for email addresses during Discovery scans, and triggers an alert when targets with email addresses are accessed.
    Insurance number

    Policy Name

    Description
    CA Insurance Number Policy FortiCWP scans for CA insurance numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    UK Insurance Number Policy FortiCWP scans for UK insurance numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    Passport number

    Policy Name

    Description
    UK Passport Number Policy FortiCWP scans for UK passport numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    CN Passport Number Policy FortiCWP scans for CN passport numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    USA/Germany Passport Number Policy FortiCWP scans for USA/Germany passport numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    AU Passport Number Policy FortiCWP scans for AU passport numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    JP Passport Number Policy FortiCWP scans for JP passport numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    CA Passport Number Policy FortiCWP scans for CA passport numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    FR Passport Number Policy FortiCWP scans for FR passport numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.

    Bank account number

    Policy Name

    Description
    China Union Pay Policy FortiCWP scans for China Union Pay account numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    UK IBAN Policy FortiCWP scans for UK IBANs during Discovery scans, and triggers an alert when targets with such IBANs are accessed.
    Swiss IBAN Policy FortiCWP scans for Swiss IBANs during Discovery scans, and triggers an alert when targets with such IBANs are accessed.
    German IBAN Policy FortiCWP scans for German IBANs during Discovery scans, and triggers an alert when targets with such IBANs are accessed.
    Italian IBAN Policy FortiCWP scans for Italian IBANs during Discovery scans, and triggers an alert when targets with such IBANs are accessed.
    Swedish IBAN Policy FortiCWP scans for Swedish IBANs during Discovery scans, and triggers an alert when targets with such IBANs are accessed.
    Spanish IBAN Policy FortiCWP scans for Spanish IBANs during Discovery scans, and triggers an alert when targets with such IBANs are accessed.
    Birthdate

    Policy Name

    Description
    Birthdate Policy FortiCWP scans for birthdates during Discovery scans, and triggers an alert when targets with birthdates are accessed.
    Malware/Ransomware

    Policy Name

    Description

    Ransomware Encrypted File Detection Policy

    FortiCWP scans for Ransomware Encrypted File during Discovery scans, and triggers an alert when targets are accessed.

    Threat protection

    Threat protection policies track suspicious user behavior. For example, if a user fails to enter his or her password correctly multiple times in a row and you have the Excessive Login Failures policy active, FortiCWP will send you an alert. To access Threat Protection policies, go to Policy > Threat Protection from navigation pane.

    Threat protection policies

    Access

    Policy Name

    Description
    Excessive Login Failures Triggers an alert when the number of failed logins for a user exceeds a set threshold.
    Password Change Triggers an alert when passwords are changed.
    Suspicious Movement Triggers an alert when a change in a user's geographic location exceeds threshold parameters.
    Suspicious Activity

    Policy Name

    Description
    Restricted User Activity Triggers an alert when a monitored user performs select activities.
    Suspicious Time Triggers an alert when there is activity outside of work hours.
    Suspicious Location Triggers an alert when there is activity from suspicious locations.
    Sensitive Activity

    Policy Name

    Description
    Excessive Event Triggers an alert when selected event occurrence exceeds threshold.
    Ransomware Behavior Detection Triggers an alert when the directory's file(s) had been replaced.

    Network

    Network policies focuses on network security protocols, including monitoring of botnet activity and inbound traffic from various internet sources such as SSH, SMTP, FTP, ports, etc. To access network policies go to Policy > Network.

    Integration

    Integration policies controls the import setting for the embedded alerts coming from cloud account service vendors. AWS GuardDuty, Inspector, Google Cloud Security Command Center, and Azure Security Center alerts can be turned on or off here. Please note that FortiCWP will start or stop receiving alerts from these services if they are turned on/off. To access Integration, go to Policy > Integration.

    Compliance

    Compliance policies track files relevant to specific regulations. For example, if a user accesses a file containing private heath information and you have the corresponding HIPAA policy set, FortiCWP will send you an alert. To access Integration, go to Policy > Compliance.

    Compliance policies

    SOX-COBIT

    SOX-COBIT policies help your organization track and show compliance with the Sarbanes-Oxley (SOX) Act of 2002 using COBIT guidelines. Use these policies to monitor your cloud applications for SOX compliance, then use the Report feature to print a report detailing compliance specifics.

    See Configure Predefined Policies for instructions and examples on setting policies.

    PCI

    PCI policies help your organization track and show compliance with the Payment Card Industry Data Security Standard (PCI DSS). Use these policies to monitor your cloud applications for PCI DSS compliance, then use the Report feature to print a report detailing

    See Configure Predefined Policies for instructions and examples on setting policies.

    HIPAA

    HIPAA policies help your organization track and show compliance with the Health Insurance Portability and Accountability Act (HIPAA). Use these policies to monitor your cloud applications for HIPAA compliance, then use the Report feature to print a report detailing compliance specifics.

    See Configure Predefined Policies for instructions and examples on setting policies.

    GDPR

    GDPR policies help your organization track and show compliance with the EU General Data protection Regulation (GDPR). Use these policies to monitor your cloud applications for GDPR compliance, then use the Report feature to print a report detailing compliance specifics. Set data pattern of the personal data to monitor in Administrator > Collection, then enable monitoring of the collection data in Compliance > GDPR.

    See Configure Predefined Policies for instructions and examples on setting policies.

    ISO 270001

    ISO 270001 is the best-known standard in the family in providing requirements for an information security management system (ISMS). ISO 270001 policies help your organization manage the security of assets, such as financial information, intellectual property, employee details, and information entrusted to you by third parties.

    See Configure Predefined Policies for instructions and examples on setting policies.

    NIST 800-53 V4

    NIST 800-53 V4 is the recommended security controls for federal information systems and organizations. It documents security controls for all federal information systems.

    See Configure Predefined Policies for instructions and examples on setting policies.

    NIST 800-171

    NIST 800-171 can help to protect controlled Unclassified Information in Non-federal Information Systems and Organizations.

    See Configure Predefined Policies for instructions and examples on setting policies.

    Previous
    Next

    Policy

    Policy

    FortiCWP uses policies for two purposes:

    • Scans and reports use policies you set to differentiate between sensitive and non-sensitive data.
    • Alerts are generated depending on the policies you set.

    List of policies featured on FortiCWP

    To configure settings in policy, refer to Configure Policy.

    To setup notification to receive policy triggered alerts, refer to Notifications.

    Risk Assessment

    FortiCWP features risk assessment to check to see if your organization's cloud platform follows the recommended best practices. When users fail to follow these best practices, FortiCWP will send you an alert. To access Risk Assessment policies, go to Policy > Risk Assessment.

    Customized

    FortiCWP allows you to create personalized policies to suit your organizational needs. To add a custom policy, go to Policy > Risk Assessment, and go to Customized tab. Custom policies focus on two aspects, content monitoring and activity monitoring. Content monitoring is primarily used to monitor files for sensitive data. Activity monitoring is primarily used to monitor users and user activities.

    To add a customized Risk Assessment Policy, first create a code pattern.

    Code Pattern

    1. Click on New Code in Customized tab under Code Pattern.
    2. Enter a Code Name.
    3. Copy and Paste the code pattern into the terminal.
    4. Press Test to test the code.
    5. If the code is able to run, then click Save.

    Customized Risk Assessment Policy

    1. Click on New Policy in Customized tab under Customized Risk Assessment Policy.
    2. Enter Name and Description for the new policy.
    3. Click Severity Level drop down menu to select severity level.
    4. Click Code Pattern drop down menu and select the Code Pattern created earlier.
    5. Click Notification tab to edit notification preference.
    6. Click Add Policy.

    Data Analysis

    Data Analysis policies keep track of sensitive data. For example, if a user accesses a file containing Social Security Numbers (SSNs) and you have the SSN policy set, FortiCWP will send you an alert. To access Data Analysis, go to Policy > Data Analysis from navigation pane.

    File types supported for data analysis scans

    Compression

    File Type
    Uncompressed Microsoft Word Document (.doc, .docx)
    Microsoft Powerpoint Document (.ppt, .pptx)
    Microsft Excel Document (.xls, .xlsx)
    Text File (.txt, .rtf)

    Portable Document Format (.pdf)
    Compressed .zip .zip
    .tar
    .7z
    .gz

    File types supported for AV (malware) scans

    Compression

    File Type
    Uncompressed Microsoft Word Document (.doc, .docx)
    Microsoft Powerpoint Document (.ppt, .pptx)
    Microsft Excel Document (.xls, .xlsx)
    Text File (.txt, .rtf)

    Portable Document Format (.pdf)

    Javascript (.js)

    Windows Executable (.exe)
    Compressed .zip .zip
    .tar
    .7z
    .gz

    Data Analysis policies

    Data Analysis policies trigger alerts whenever a monitored file is accessed, regardless of the type of access. If you only want alerts for specific actions, set a Customized policy.
    Identity number
    Policy Name Description
    US Social Security Policy

    FortiCWP scans for SSNs during Discovery scans, and triggers an alert when targets with SSNs are accessed.
    CN Resident Identity Policy

    FortiCWP scans for CN resident identity numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.

    Polish Social Security Number Policy

    FortiCWP scans for Polish SSNs during Discovery scans, and triggers an alert when targets with Polish SSNs are accessed.

    Credit card number
    Policy Name Description
    Visa Credit Card Policy

    FortiCWP scans for Visa credit card numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    MasterCard Policy

    FortiCWP scans for MasterCard credit card numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    American Express Policy

    FortiCWP scans for American Express credit card numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    Diners Club Card Policy FortiCWP scans for Diners Club credit card numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    Discover Card Policy FortiCWP scans for Discover credit card numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    JCB Policy

    FortiCWP scans for JCB credit card numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    Maestro Card Policy

    FortiCWP scans for Maestro credit card numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.

    Driver license number
    Policy Name Description
    UK Driver License Policy FortiCWP scans for UK driver license numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    US-FL Driver License Policy FortiCWP scans for FL driver license numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    US-CA Driver License Policy FortiCWP scans for CA driver license numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    CN Driver License Policy FortiCWP scans for CN driver license numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    Email address

    Policy Name

    Description
    Email Address

    Policy FortiCWP scans for email addresses during Discovery scans, and triggers an alert when targets with email addresses are accessed.
    Insurance number

    Policy Name

    Description
    CA Insurance Number Policy FortiCWP scans for CA insurance numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    UK Insurance Number Policy FortiCWP scans for UK insurance numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    Passport number

    Policy Name

    Description
    UK Passport Number Policy FortiCWP scans for UK passport numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    CN Passport Number Policy FortiCWP scans for CN passport numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    USA/Germany Passport Number Policy FortiCWP scans for USA/Germany passport numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    AU Passport Number Policy FortiCWP scans for AU passport numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    JP Passport Number Policy FortiCWP scans for JP passport numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    CA Passport Number Policy FortiCWP scans for CA passport numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    FR Passport Number Policy FortiCWP scans for FR passport numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.

    Bank account number

    Policy Name

    Description
    China Union Pay Policy FortiCWP scans for China Union Pay account numbers during Discovery scans, and triggers an alert when targets with such numbers are accessed.
    UK IBAN Policy FortiCWP scans for UK IBANs during Discovery scans, and triggers an alert when targets with such IBANs are accessed.
    Swiss IBAN Policy FortiCWP scans for Swiss IBANs during Discovery scans, and triggers an alert when targets with such IBANs are accessed.
    German IBAN Policy FortiCWP scans for German IBANs during Discovery scans, and triggers an alert when targets with such IBANs are accessed.
    Italian IBAN Policy FortiCWP scans for Italian IBANs during Discovery scans, and triggers an alert when targets with such IBANs are accessed.
    Swedish IBAN Policy FortiCWP scans for Swedish IBANs during Discovery scans, and triggers an alert when targets with such IBANs are accessed.
    Spanish IBAN Policy FortiCWP scans for Spanish IBANs during Discovery scans, and triggers an alert when targets with such IBANs are accessed.
    Birthdate

    Policy Name

    Description
    Birthdate Policy FortiCWP scans for birthdates during Discovery scans, and triggers an alert when targets with birthdates are accessed.
    Malware/Ransomware

    Policy Name

    Description

    Ransomware Encrypted File Detection Policy

    FortiCWP scans for Ransomware Encrypted File during Discovery scans, and triggers an alert when targets are accessed.

    Threat protection

    Threat protection policies track suspicious user behavior. For example, if a user fails to enter his or her password correctly multiple times in a row and you have the Excessive Login Failures policy active, FortiCWP will send you an alert. To access Threat Protection policies, go to Policy > Threat Protection from navigation pane.

    Threat protection policies

    Access

    Policy Name

    Description
    Excessive Login Failures Triggers an alert when the number of failed logins for a user exceeds a set threshold.
    Password Change Triggers an alert when passwords are changed.
    Suspicious Movement Triggers an alert when a change in a user's geographic location exceeds threshold parameters.
    Suspicious Activity

    Policy Name

    Description
    Restricted User Activity Triggers an alert when a monitored user performs select activities.
    Suspicious Time Triggers an alert when there is activity outside of work hours.
    Suspicious Location Triggers an alert when there is activity from suspicious locations.
    Sensitive Activity

    Policy Name

    Description
    Excessive Event Triggers an alert when selected event occurrence exceeds threshold.
    Ransomware Behavior Detection Triggers an alert when the directory's file(s) had been replaced.

    Network

    Network policies focuses on network security protocols, including monitoring of botnet activity and inbound traffic from various internet sources such as SSH, SMTP, FTP, ports, etc. To access network policies go to Policy > Network.

    Integration

    Integration policies controls the import setting for the embedded alerts coming from cloud account service vendors. AWS GuardDuty, Inspector, Google Cloud Security Command Center, and Azure Security Center alerts can be turned on or off here. Please note that FortiCWP will start or stop receiving alerts from these services if they are turned on/off. To access Integration, go to Policy > Integration.

    Compliance

    Compliance policies track files relevant to specific regulations. For example, if a user accesses a file containing private heath information and you have the corresponding HIPAA policy set, FortiCWP will send you an alert. To access Integration, go to Policy > Compliance.

    Compliance policies

    SOX-COBIT

    SOX-COBIT policies help your organization track and show compliance with the Sarbanes-Oxley (SOX) Act of 2002 using COBIT guidelines. Use these policies to monitor your cloud applications for SOX compliance, then use the Report feature to print a report detailing compliance specifics.

    See Configure Predefined Policies for instructions and examples on setting policies.

    PCI

    PCI policies help your organization track and show compliance with the Payment Card Industry Data Security Standard (PCI DSS). Use these policies to monitor your cloud applications for PCI DSS compliance, then use the Report feature to print a report detailing

    See Configure Predefined Policies for instructions and examples on setting policies.

    HIPAA

    HIPAA policies help your organization track and show compliance with the Health Insurance Portability and Accountability Act (HIPAA). Use these policies to monitor your cloud applications for HIPAA compliance, then use the Report feature to print a report detailing compliance specifics.

    See Configure Predefined Policies for instructions and examples on setting policies.

    GDPR

    GDPR policies help your organization track and show compliance with the EU General Data protection Regulation (GDPR). Use these policies to monitor your cloud applications for GDPR compliance, then use the Report feature to print a report detailing compliance specifics. Set data pattern of the personal data to monitor in Administrator > Collection, then enable monitoring of the collection data in Compliance > GDPR.

    See Configure Predefined Policies for instructions and examples on setting policies.

    ISO 270001

    ISO 270001 is the best-known standard in the family in providing requirements for an information security management system (ISMS). ISO 270001 policies help your organization manage the security of assets, such as financial information, intellectual property, employee details, and information entrusted to you by third parties.

    See Configure Predefined Policies for instructions and examples on setting policies.

    NIST 800-53 V4

    NIST 800-53 V4 is the recommended security controls for federal information systems and organizations. It documents security controls for all federal information systems.

    See Configure Predefined Policies for instructions and examples on setting policies.

    NIST 800-171

    NIST 800-171 can help to protect controlled Unclassified Information in Non-federal Information Systems and Organizations.

    See Configure Predefined Policies for instructions and examples on setting policies.

    Previous
    Next