Compliance
Organizational compliance is one of the leading drivers for adopting DLP tooling such as Nightfall. The table below lists the recommended configuration for each compliance framework.
| Compliance | Configuration | Considerations |
|---|---|---|
| Privacy Compliance (CCPA, VDPA, etc.) | | For greater rigor, set on each of your locale’s detection rules alongside the Person Name detector configured to trigger with All Detectors, per: |
| HIPAA Compliance | | Depending on the type of healthcare organization, disclosure of personal information may disclose PHI (e.g., a sufficiently uniquely named person going to a health provider like an AIDS clinic would likely disclose the person’s PHI). |
| PCI Compliance | | For greater rigor, set on each of your locale’s detection rules alongside the Person Name detector configured to trigger with All Detectors, per: |
| ACH Compliance | | |
| GLBA Compliance | | |
| ISO 27001 Compliance for v2022 | | |
Other available detectors are not recommended for the compliance frameworks above.
For all use cases, Nightfall recommends:
- Scope policies to cover every location where the sensitive data must not be disclosed.
- Tune and amend rules over time in accordance with your violations and data.
- Consider increasing the number of detections required before triggering an alert, since more findings in one item usually mean higher confidence.
- Upgrade your rules from Basic to Advanced as needed.
- Please report any false positives to [email protected]. We will use your reports to improve our ML models.
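Two of the recommendations above, requiring a minimum number of findings before alerting and letting the Person Name detector count only when it co-occurs with other detectors, are easy to reason about in code. The following is an added illustration written for this page, not Nightfall's product code or API: the detector labels (`PERSON_NAME`, `US_SSN`, `CREDIT_CARD_NUMBER`), the confidence levels, and the three sample scans are all constructed, and `should_alert` is a hypothetical policy function that shows how the two settings change which scans alert.

```python
from dataclasses import dataclass
from typing import Dict, Iterable

# Constructed confidence ordering (assumption, not a vendor enum).
CONFIDENCE_RANK = {"POSSIBLE": 0, "LIKELY": 1, "VERY_LIKELY": 2}
PERSON_NAME = "PERSON_NAME"  # constructed detector label


@dataclass(frozen=True)
class Finding:
    """One detector hit inside a scanned item (constructed schema)."""
    detector: str    # e.g. "PERSON_NAME", "US_SSN" (constructed labels)
    confidence: str  # one of CONFIDENCE_RANK's keys
    snippet: str     # redacted excerpt, for the analyst's context only


def should_alert(
    findings: Iterable[Finding],
    *,
    min_findings: int = 1,
    min_confidence: str = "LIKELY",
    person_name_needs_context: bool = False,
) -> bool:
    """Hypothetical alert policy.

    - Only findings at or above ``min_confidence`` are counted.
    - With ``person_name_needs_context``, Person Name hits count only when at
      least one other detector also fired in the same item; a page of bare
      names (an email signature block, a meeting roster) never alerts alone.
    - The item alerts when the remaining findings reach ``min_findings``.
    """
    threshold = CONFIDENCE_RANK[min_confidence]
    ranked = [f for f in findings if CONFIDENCE_RANK[f.confidence] >= threshold]

    if person_name_needs_context:
        other_detectors = {f.detector for f in ranked if f.detector != PERSON_NAME}
        if not other_detectors:
            # Names with nothing else sensitive nearby do not count.
            ranked = [f for f in ranked if f.detector != PERSON_NAME]

    return len(ranked) >= min_findings


# Constructed sample scans; snippets are redacted placeholders.
SAMPLE_SCANS: Dict[str, list] = {
    # Three names in a signature block: noise under a stricter policy.
    "email_signature": [
        Finding(PERSON_NAME, "LIKELY", "J*** D**"),
        Finding(PERSON_NAME, "LIKELY", "J*** R**"),
        Finding(PERSON_NAME, "VERY_LIKELY", "A** P**"),
    ],
    # A name next to an SSN: the combination is what makes it PII worth an alert.
    "hr_export": [
        Finding(PERSON_NAME, "LIKELY", "J*** D**"),
        Finding("US_SSN", "VERY_LIKELY", "***-**-6789"),
    ],
    # A single low-confidence card-like number.
    "chat_message": [
        Finding("CREDIT_CARD_NUMBER", "POSSIBLE", "**** 1111"),
    ],
}


def evaluate_all(**policy) -> Dict[str, bool]:
    """Apply one policy to every sample scan and report which ones alert."""
    return {name: should_alert(findings, **policy) for name, findings in SAMPLE_SCANS.items()}


if __name__ == "__main__":
    print("basic   :", evaluate_all())
    print("stricter:", evaluate_all(min_findings=2, person_name_needs_context=True))
```

Under the basic policy the signature block alerts on names alone; under the stricter policy it is suppressed while the HR export, where a name sits beside an SSN, still alerts. That is the trade-off the recommendations describe: raising the findings threshold and gating Person Name on other detectors trims low-value alerts without losing the combined-identifier cases that compliance frameworks care about.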