US and Canada Federal Regulations

Documentation | Support

Go to the table of contents

Go to the previous page

Go to the next page

View or print as PDF

Forcepoint DLP Predefined Policies and Classifiers > Data Loss Prevention policies > Regulations, Compliance and Standards > US and Canada Federal Regulations

US and Canada Federal Regulations

Predefined Policies and Classifiers | Forcepoint DLP | v8.4.x

The following regulations apply to both the United States and Canada:

Children's Online Privacy Act (COPPA)

Export Administration Regulations (EAR)

Sarbanes-Oxley Act (SOX)

The Check Clearing for the 21st Century Act (Check 21) is a Federal law designed to foster innovation in the payments system and to enhance its efficiency by reducing some of the legal impediments to check truncation. The policy detects TIFF files, widely used for scanned checks. The rule for this policy is:

Check 21: TIFF Format

Children's Online Privacy Act (COPPA)

The Children's Online Privacy Protection Act of 1998 (COPPA) is a United States federal law applied to the online collection of personal information by persons or entities under U.S. jurisdiction from children under 13 years of age. The policy detects combinations of personal information with age information that indicates that the person's age is less than 13, based on explicit age or date of birth. The rules for this policy are:

COPPA: PII of Children (Wide)

COPPA: PII of Children (Default)

The DoD Information Assurance Certification and Accreditation Process (DIACAP) is the US Department of Defense process to ensure the management of risks on Information Systems (IS). The policy is applied to information systems of DoD-related units and contractors. The DLP aspect of the policy applies to combinations of Personally Identifiable Information (like social security number or credit card number) with sensitive private information, such as health conditions, names of crimes, and ethnicities, to promote compliance with DoD Privacy Program (DoD 5400.11-R) and Privacy of Health Information in DoD Health Care (DoD 6025.18). Additional rules detect confidential information about the corporate network, and confidential documents, according to DoD 8520.1 - Protection of Sensitive Compartmented Information (SCI). The rules for this policy are:

DIACAP: 5400.11-R - Name and Crime

DIACAP: 5400.11-R - Name and Ethnicity

DIACAP: 5400.11-R - Name and SSN

DIACAP: 5400.11-R - SSN and Crimes

DIACAP: 8520.1 - Confidential Documents

DIACAP: 8520.1 - Password dissemination for Web traffic

DIACAP: 8520.1 - Proprietary in Header or Footer

DIACAP: 8520.1 - Suspected Passwords

DIACAP: DoD 5400.11-R - SSN and Ethnicities

DIACAP: DoD 6025.18 - CCN and Sensitive Disease or drug

DIACAP: DoD 6025.18 - Name and Common Medical Condition

DIACAP: DoD 6025.18 - Name and Sensitive Diseases

DIACAP: DoD 6025.18 - Names (Narrow) and Common Medical Condition

DIACAP: DoD 6025.18 - Names (Narrow) and Sensitive Diseases

DIACAP: DoD 6025.18 - SSN and Sensitive Disease or Drug

DIACAP: Network Information and Security (patterns and IP)

DIACAP: Network Information and Security (textual patterns)

Export Administration Regulations (EAR)

The Export Administration Regulations (EAR) are issued by the United States Department of Commerce, and control also the usage of "dual purpose" items (i.e., commercial products that can also be used for military purposes.) The definition of "Export" includes disclosing or transferring technical data to a foreign person whether in the U.S. or abroad. The policy comprises rules for detection of probable EAR-regulated information, such as chemical formulas, information pertaining encryption technology and confidential documents. The rules for this policy are:

EAR: C family or Java (Default)

EAR: C family or Java (Wide)

EAR: CAD Files: asm file

EAR: CAD Files: drw file

EAR: CAD Files: DWG format files

EAR: CAD Files: DXF binary format files

EAR: CAD Files: DXF text format files

EAR: CAD Files: frm file

EAR: CAD Files: igs text format

EAR: CAD Files: JT file

EAR: CAD Files: prt file

EAR: CAD Files: SolidWorks files

EAR: CAD Files: stl binary format

EAR: CAD Files: stl text format

EAR: CAD Files: stp text format

EAR: CAD Files: WHIP format files

EAR: CAD Files: x_t text format

EAR: Catia format files

EAR: Chemicals and Materials (Default)

EAR: Chemicals and Materials (Narrow)

EAR: Chemicals and Materials (Wide)

EAR: Confidential documents

EAR: Corel draw format file

EAR: Encryption Technologies (Default)

EAR: Encryption Technologies (Narrow)

EAR: Encryption Technologies (Wide)

EAR: Laser and Microelectronics (Default)

EAR: Laser and Microelectronics (Narrow)

EAR: Laser and Microelectronics (Wide)

EAR: Microorganisms and Toxins (Default)

EAR: Microorganisms and Toxins (Narrow)

EAR: Microorganisms and Toxins (Wide)

EAR: Microsoft Visio Business and Technical Drawing format

EAR: Military Technologies (Default)

EAR: Military Technologies (Narrow)

EAR: Military Technologies (Wide)

EAR: Nuclear Technologies (Default)

EAR: Nuclear Technologies (Narrow)

EAR: Nuclear Technologies (Wide)

EAR: Proprietary in Document

EAR: Python (Default)

EAR: Python (Wide)

EAR: Space Technologies (Default)

EAR: Space Technologies (Narrow)

EAR: Space Technologies (Wide)

The Fair Credit Reporting Act ("FCRA") is a United States federal law. The Act is designed to help ensure that consumer reporting agencies act fairly, impartially, and with respect for the consumer's right to privacy when preparing consumer reports on individuals. The policy comprises rules for detection of personal financial information. The rules for this policy are:

FCRA: SSN and Personal Finance Terms

FCRA: DL and Personal Finance Terms

FCRA: SSN and Account

FCRA: DL and Account

FCRA: CCN: All Credit Cards

FCRA: Credit Card Magnetic Strips

FCRA: Name and Personal Finance Terms

Title 21 Part 11 of the Code of Federal Regulations (CFR) deals with the FDA guidelines on electronic records and electronic signatures in the United States. Part 11 requires drug makers, medical device manufacturers, biotech companies, biologics developers, and other FDA-regulated industries, with some specific exceptions, to implement controls, including audits, system validations, audit trails, electronic signatures, and documentation for software and systems involved in processing electronic data that are (a) required to be maintained by the FDA predicate rules or (b) used to demonstrate compliance to a predicate rule. The rules for this policy are:

FDA 21 CFR: Clinical Trials

FDA 21 CFR: Controlled Drugs

FDA 21 CFR: DICOM

FDA 21 CFR: DNA Sequence

FDA 21 CFR: Name and Common Medical Condition (Default)

FDA 21 CFR: Name and Common Medical Condition (Narrow)

FDA 21 CFR: Password Dissemination for Web Traffic

FDA 21 CFR: Protein Sequence (Default)

FDA 21 CFR: Protein Sequence (Narrow)

Policy to promote compliance with the requirements imposed by the Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Council (NERC) to protects Critical Energy Infrastructure Information (CEII). The policy detects sensitive Energy Infrastructure Information, such as natural gas pipeline flow diagrams, various drawing and schemes files and FERC forms 567 and 715. The rules for this policy are:

FERC and NERC: CAD Files: asm file

FERC and NERC: CAD Files: drw file

FERC and NERC: CAD Files: DWG

FERC and NERC: CAD Files: DXF Binary

FERC and NERC: CAD Files: DXF Text

FERC and NERC: CAD Files: frm file

FERC and NERC: CAD Files: igs text format

FERC and NERC: CAD Files: JT file

FERC and NERC: CAD Files: prt file

FERC and NERC: CAD Files: SolidWorks files

FERC and NERC: CAD Files: stl binary format

FERC and NERC: CAD Files: stl text format

FERC and NERC: CAD Files: stp text format

FERC and NERC: CAD Files: WHIP

FERC and NERC: CAD Files: x_t text format

FERC and NERC: disclaimer

FERC and NERC: form 567

FERC and NERC: form 715

FERC and NERC: Microsoft Visio

FERC and NERC: pipeline flow diagrams

The Family Educational Rights and Privacy is a US Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. The policy detects combinations of Personally Identifiable Information (PII) like social security number or driver license number, and sensitive private information such as grades, health conditions, and names of crimes and ethnicities. The rules for this policy are:

FERPA: Driver License and Common Medical Condition

FERPA: Driver License and Ethnicities

FERPA: Driver License and Grades

FERPA: Driver License and Sensitive Disease or drug

FERPA: Name and Common Medical Condition (Default)

FERPA: Name and Common Medical Condition (Narrow)

FERPA: Name and Sensitive Disease or drug (Default)

FERPA: Name and Sensitive Disease or drug (Narrow)

FERPA: SSN and Common Medical Condition

FERPA: SSN and Ethnicities

FERPA: SSN and Grades

FERPA: SSN and Sensitive Disease or drug

The Federal Financial Institutions Examination Council (FFIEC) is a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the Federal examination of financial institutions by the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Office of Thrift Supervision (OTS) and to make recommendations to promote uniformity in the supervision of financial institutions

The rules for this policy are:

FFIEC: 10 Digit Account Numbers

FFIEC: 5-8 Digit Account Numbers

FFIEC: 9 Digit Account Numbers

FFIEC: All Credit Card Numbers

FFIEC: Credit Card Magnetic Strips

FFIEC: Driver License

FFIEC: Password dissemination for Web traffic

FFIEC: PIN numbers

FFIEC: Suspected passwords

FFIEC: TIFF format file type

FFIEC: Zip codes with Financial Terms

The Federal Information Security Management Act of 2002 ("FISMA") imposes a mandatory set of processes that must be followed for all information systems used or operated by a US federal agency or by a contractor or other organization on behalf of a US Government agency. The policy detects combinations of Personally Identifiable Information (PII) like social security number or credit card number, with sensitive private information, such as health conditions, names of crimes, and ethnicities. Additional rules detect confidential information about the corporate network, and confidential documents. The rules for this policy are:

FISMA: CCN and Crimes

FISMA: CCN and Ethnicities

FISMA: CCN and Sensitive Disease or drug

FISMA: Confidential in Document

FISMA: Network Information and Security (patterns and IP)

FISMA: Network Information and Security (textual patterns)

FISMA: Password dissemination for Web traffic

FISMA: Proprietary in Document

FISMA: SSN and Crimes

FISMA: SSN and Ethnicities

FISMA: SSN and Sensitive Disease or drug

FISMA: Suspected Passwords

The Financial Modernization Act of 1999, also known as the "Gramm-Leach-Bliley Act" or GLB Act, is a U.S. Federal regulation that includes provisions to protect consumers' personal financial information held by financial institutions. The policy contains rules to detect accounts, credit cards, and social security numbers. The policy comprises rules for detection of personal financial information and other personal information. The rules for this policy are:

GLBA: CCN (Default)

GLBA: CCN (Narrow)

GLBA: Name and 5-8 Digit Account Numbers

GLBA: Name and 9-Digit Account Numbers

GLBA: Name and 10-Digit Account Numbers

GLBA: Name and Contact Information

GLBA: Name and Personal Finance Terms

GLBA: Name and Sensitive Disease or Drug (Default)

GLBA: Name and Sensitive Disease or Drug (Narrow)

GLBA: Name and SSN

GLBA: RTN/ABA (Wide)

GLBA: RTN/ABA (Default)

GLBA: RTN/ABA (Narrow)

GLBA: SSN and Account

GLBA: SSN and Personal Finance Terms

The Health Insurance Portability and Accountability Act is a US Federal law that specifies a series of administrative, technical, and physical safeguards, organizational and documentation requirements for covered entities to use to assure the availability, confidentiality, and integrity of electronically protected health information. The policy detects combinations of Personally Identifiable Information (PII) like name, social security or credit card number, and protected health information (PHI). The rules for this policy are:

HIPAA: Credit Card and Common Medical Condition

HIPAA: Credit Card and Sensitive Disease or Drug

HIPAA: DNA Profile (Default)

HIPAA: DNA Profile (Narrow)

HIPAA: DOB and Name (Wide)

HIPAA: DOB and Name (Default)

HIPAA: ICD9 Code and Description

HIPAA: ICD9 Code and Name

HIPAA: ICD9 Description and Name

HIPAA: ICD10 Code and Description

HIPAA: ICD10 Code and Name

HIPAA: ICD10 Description and Name

HIPAA: Medical Form (Wide)

HIPAA: Medical Form (Default)

HIPAA: Medical Form (Narrow)

HIPAA: Name and Common Medical Condition (Default)

HIPAA: Name and Common Medical Condition (Narrow)

HIPAA: Name and Contact Information

HIPAA: Name and HICN

HIPAA: Name and Sensitive Disease or Drug (Default)

HIPAA: Name and Sensitive Disease or Drug (Narrow)

HIPAA: NDC Number (Wide)

HIPAA: NDC Number (Default)

HIPAA: NDC Number (Narrow)

HIPAA: SPSS Text File

HIPAA: SSN and Common Medical Condition

HIPAA: SSN and Sensitive Disease or Drug

The ITAR regulation for industry and government regulates dissemination of encryption, space, military and nuclear technology, along with source code. The rules for this policy are:

ITAR: C family or Java Source Code

ITAR: Confidential in Header or Footer

ITAR: Encryption Technologies (Default)

ITAR: Encryption Technologies (Narrow)

ITAR: Encryption Technologies (Wide)

ITAR: Military Technologies (Default)

ITAR: Military Technologies (Narrow)

ITAR: Military Technologies (Wide)

ITAR: Nuclear Technologies (Default)

ITAR: Nuclear Technologies (Narrow)

ITAR: Nuclear Technologies (Wide)

ITAR: Proprietary in Header or Footer

ITAR: Python (Default)

ITAR: Python (Wide)

ITAR: Space Technologies (Default)

ITAR: Space Technologies (Narrow)

ITAR: Space Technologies (Wide)

ITAR: SPICE Source code

ITAR: Technical Drawing files

ITAR: Verilog Source code

ITAR: VHDL Source Code

ITAR:SPICE Source code (Berkeley version)

The Management of Information Technology Security (MITS) standard defines baseline security requirements that Canadian federal departments must fulfill to ensure the security of information and information technology (IT) assets under their control. The DLP aspect of the policy applies to combinations of Personally Identifiable Information (like social insurance number or credit card number) with sensitive private information, such as health conditions, to promote compliance with the Canadian Privacy Impact Assessment mandated by MITS. Additional rules detect confidential information about the corporate network, and confidential documents, to promote compliance with the Canadian Government Security Policy. The rules for this policy are:

MITS - Confidential Documents

MITS - Password dissemination for Web traffic

MITS - Proprietary in Document

MITS - Suspected Passwords

MITS: Network Information and Security (patterns and IP)

MITS: Network Information and Security (textual patterns)

MITS: SIN and CCN

MITS: SIN and Common Medical Condition

MITS: SIN and Sensitive Disease or drug

MITS: SIN with proximity

Sarbanes-Oxley Act (SOX)

The Sarbanes-Oxley Act (SOX) mandates public companies to comply with its requirements. This act provides strict guidelines for ensuring corporate governance and control policies for information within publicly traded companies. The Forcepoint SOX-related policy promotes compliance with the data protection aspects of SOX by detecting audit terms and SEC 10-K and 10-Q reports. The rules for this policy are:

SOX: Form 10-K (Non-Standard Fiscal Year)

SOX: Form 10-K (Standard Fiscal Year)

SOX: Form 10-Q (Non-Standard Fiscal Year)

SOX: Form 10-Q (Standard Fiscal Year)

SOX: SOX-Related Term

Go to the table of contents

Go to the previous page

Go to the next page

View or print as PDF

Forcepoint DLP Predefined Policies and Classifiers > Data Loss Prevention policies > Regulations, Compliance and Standards > US and Canada Federal Regulations

Copyright 2017 Forcepoint. All rights reserved.