Compliance

Organizational compliance is one of the leading drivers that require DLP tooling such as Nightfall. These are the recommended configurations for each compliance framework.

Compliance
Configuration
Considerations
Privacy Compliance (CCPA, VDPA, etc.)
Use all your locale’s Standard PII detectors.
Set Minimum Confidence to Likely
Set alert to trigger on Any Detectors
See Privacy Compliance by Locale for specific examples.
For greater rigor, set on each of your locale’s detection rules alongside the Person Name detector configured to trigger with All Detectors, per:
​
​
​
HIPAA Compliance
Use the Protected Health Information (PHI) detector
Set Minimum Confidence level to Likely
Set alert to trigger on Any Detectors


Depending on the type of healthcare organization, disclosure of personal information may disclose PHI (e.g., a sufficiently uniquely named person going to a health provider like an AIDS clinic would likely disclose the person’s PHI).
PCI Compliance
Use the Credit Card Number detector
Set Minimum Confidence level to Likely
Set alert to trigger on Any Detectors


For greater rigor, set on each of your locale’s detection rules alongside the Person Name detector configured to trigger with All Detectors, per:
​
​
​
ACH Compliance
Use the US Bank Routing and Person Name detectors
Set Minimum Confidence level to Likely
Set alert to trigger on All Detectors


GLBA Compliance 
Use the SWIFT and US Bank Routing detectors
Set Minimum Confidence level to Likely
Set alert to trigger on Any Detectors


ISO 27001 Compliance for v2022
​
Enable all Secrets detectors:
API key
Cryptographic key
Database Connection String
GCP credentials
Password in code
Set Minimum Confidence level to Likely
Set alert to trigger on Any Detectors


​
Other detectors that exist are not recommended for use for the above compliance frameworks. 
See Creating Detection Rules for general information on creating and tuning detection rules.
For all use cases, Nightfall recommends:
Scoping should cover all locations where the sensitive data should not be disclosed
Tune and amend rules over time in accordance with your violations and data.
Use Context and Exclusion Rules to reduce false positives and fine-tune alerts.
Consider increasing the number of detections required before triggering an alert - more findings often mean higher confidence. 
Upgrade your rules from Basic to Advanced as needed. 
Please report any false positives to [email protected]. We will use your reports to improve our ML models.
If you have compliance requirements not covered above, please contact [email protected].

Compliance	Configuration	Considerations
Privacy Compliance (CCPA, VDPA, etc.)	Use all your locale’s Standard PII detectors. Set Minimum Confidence to Likely Set alert to trigger on Any Detectors See Privacy Compliance by Locale for specific examples.	For greater rigor, set on each of your locale’s detection rules alongside the Person Name detector configured to trigger with All Detectors, per:
HIPAA Compliance	Use the Protected Health Information (PHI) detector Set Minimum Confidence level to Likely Set alert to trigger on Any Detectors	Depending on the type of healthcare organization, disclosure of personal information may disclose PHI (e.g., a sufficiently uniquely named person going to a health provider like an AIDS clinic would likely disclose the person’s PHI).
PCI Compliance	Use the Credit Card Number detector Set Minimum Confidence level to Likely Set alert to trigger on Any Detectors	For greater rigor, set on each of your locale’s detection rules alongside the Person Name detector configured to trigger with All Detectors, per:
ACH Compliance	Use the US Bank Routing and Person Name detectors Set Minimum Confidence level to Likely Set alert to trigger on All Detectors
GLBA Compliance	Use the SWIFT and US Bank Routing detectors Set Minimum Confidence level to Likely Set alert to trigger on Any Detectors
ISO 27001 Compliance for v2022	Enable all Secrets detectors: API key Cryptographic key Database Connection String GCP credentials Password in code Set Minimum Confidence level to Likely Set alert to trigger on Any Detectors

Finding Snippets in Alerts

Next - Nightfall Detection & Policy Templates

Privacy Compliance by Locale

Last modified 10d ago