Tuesday 27 February 2018

Data Loss Prevention Audit Checklist

Here is the DLP audit checklist of requirements to send to a prospective vendor, so that you can determine whether the vendor's solutions meet your requirements.

The requirements have been classified to include:

  1. Host / network DLP and encryption
  2. Deployment, Management, and Support
  3. Vendor profile and pricing

DLP Audit Checklist

There are multiple checklists that CASB vendors should follow. The DLP audit checklist is divided into four major parts, explained below:

Data Leakage Protection

1. Discovery, retention, and searching for data: This audit covers discovery, retention and searching for data at rest as well as in use and in motion.

  • Discovery: The DLP solution has to mark, index and securely retain unfiltered data, or data sent over unfiltered network traffic.
  • Retention: It has to provide registration, such as fingerprinting a repository's files, and an inventory, such as a full listing of files, whether fingerprinted or not.
  • Search: Search has to cover specified time periods and indexed content, based on parameters such as keywords, patterns, document type, location, device type, file types, file definitions, email and attachments, and applications, including items that are pre-defined or not covered by existing rules.

2. Monitors, Alerts and Enforces DLP Policies

  • Monitor: Every instance of sensitive data movement has to be discovered, identified and analyzed, including removal, modification and transmission attempts.
  • Alert: Alert the end user or the administrator when a violation is detected, based on content, context, application, user, and location.
  • Enforce: Whenever a violation or incident is detected, it has to apply the enforcement action pre-defined in the policy, such as allow, block, reject, quarantine, encrypt, drop or delete.
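The items above (registration by fingerprint, detection of sensitive content, policy-defined enforcement with alerts, and a tamper-evident event record for forensics) fit in one small policy engine. The following is an added example written for this post, not code from the post or from any vendor: the rule names, channels, sample repository files, sample events and the record format are all constructed for illustration.

```python
"""Minimal DLP policy engine: fingerprint registration, content detection,
policy-driven enforcement with alerts, and a hash-chained event log.
Constructed example; rules, channels, files and events are hypothetical.
"""
import hashlib
import re
from dataclasses import dataclass, field


def fingerprint(data: bytes) -> str:
    """Registration: a content hash used as the file's fingerprint."""
    return hashlib.sha256(data).hexdigest()


# Constructed repository; two files are registered as sensitive, one is not.
REPOSITORY = {
    "finance/q4_forecast.xlsx": b"CONFIDENTIAL forecast 2018 ...",
    "hr/salaries.csv": b"name,salary\nalice,90000\n",
    "public/press_release.txt": b"Acme announces ...",
}
REGISTERED = {fingerprint(REPOSITORY[p]) for p in ("finance/q4_forecast.xlsx", "hr/salaries.csv")}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; cuts false positives on arbitrary 16-digit numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


# Content patterns: name -> (regex, validator applied to each match).
PATTERNS = {
    "pan": (re.compile(r"\b(?:\d[ -]?){15}\d\b"), lambda m: luhn_ok(re.sub(r"[ -]", "", m))),
    "ssn": (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), lambda m: True),
}

# Policy: (match type, channel) -> pre-defined enforcement action.
# "email" and "usb" are data in motion; unlisted combinations are allowed.
SEVERITY = {"allow": 0, "encrypt": 1, "quarantine": 2, "block": 3}
POLICY = {
    ("pan", "email"): "block",
    ("pan", "usb"): "encrypt",
    ("ssn", "email"): "quarantine",
    ("fingerprint", "email"): "block",
    ("fingerprint", "usb"): "block",
}


@dataclass
class Event:
    user: str
    channel: str  # "email", "usb", ...
    path: str
    data: bytes


@dataclass
class Verdict:
    action: str
    matches: list = field(default_factory=list)
    alert: str = ""


def evaluate(event: Event) -> Verdict:
    """Monitor, alert, enforce: inspect content and context, then apply the
    strictest action any matching rule prescribes for this channel."""
    matches = []
    if fingerprint(event.data) in REGISTERED:
        matches.append("fingerprint")
    text = event.data.decode("utf-8", errors="ignore")
    for name, (rx, valid) in PATTERNS.items():
        if any(valid(m.group(0)) for m in rx.finditer(text)):
            matches.append(name)
    actions = [POLICY.get((m, event.channel), "allow") for m in matches]
    action = max(actions, key=SEVERITY.__getitem__, default="allow")
    alert = ""
    if action != "allow":
        alert = f"{event.user} {event.channel} {event.path}: {','.join(matches)} -> {action}"
    return Verdict(action, matches, alert)


AUDIT_LOG = []  # forensic record of every evaluated event


def record(event: Event, verdict: Verdict) -> dict:
    """Forensics: each record's hash covers the previous record's hash, so
    altering or removing any earlier record breaks the chain of custody."""
    prev = AUDIT_LOG[-1]["hash"] if AUDIT_LOG else "0" * 64
    body = f"{prev}|{event.user}|{event.channel}|{event.path}|{fingerprint(event.data)}|{verdict.action}"
    rec = {"body": body, "hash": hashlib.sha256(body.encode()).hexdigest()}
    AUDIT_LOG.append(rec)
    return rec


def chain_intact(log) -> bool:
    """Verify a log produced by record(): links and hashes must all agree."""
    prev = "0" * 64
    for rec in log:
        if not rec["body"].startswith(prev + "|"):
            return False
        if hashlib.sha256(rec["body"].encode()).hexdigest() != rec["hash"]:
            return False
        prev = rec["hash"]
    return True
```

A card number that fails the Luhn check produces no match, which is the kind of validator a real product uses to keep alert volume down; the hash chain is the simplest form of the chain-of-custody support the forensics item asks for, and a full product would additionally sign or externally anchor the chain.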

3. Forensics / Investigation: It has to capture, store and index event data with appropriate metadata and support a chain of custody. It has to have established partnerships with third-party forensics tool providers.

4. External Device Control: Enforce security policies on external devices by encrypting copied data, disabling devices based on defined criteria and applying controls to them.

5. DLP Rules Support: The two types of DLP rules support are:

  • Business Regulation Support: It has to be compliant with international standards such as HIPAA, PCI DSS, GDPR, etc.
  • Rules Creation, Extension, and Management: It has to be able to create a wide variety of flexible rules and customize them easily. It has to be flexible enough to tie data to specific apps, devices, and unique content patterns.

Encryption

1. General: It has to maintain persistent encryption for data at rest and in use, including emails, files, folders, full disk, mobile devices and offline files.

2. Algorithms, keys, and certificates: It has to support strong algorithms and key lengths, and offer certificates, tokens and smart cards to protect keys.

3. Key management and recovery: Does it have centralized management for encryption policies and keys, and is system repair possible in all scenarios, such as system damage or sudden power loss?

4. Encryption Management: It has to provide centralized management for encryption policies, administration, keys, and recovery. It has to have flexible policy development and update processes. It has to have patterns for rule creation and alteration, and administrator control over how rules are applied.

Management and Support for End Encryption

1. Implementation, deployment, and management: It has to support the creation of user- and system-specific policies, and centralized implementation, reporting, and management of DLP encryption.

2. Administrative Access (Rule- and Role-based Access): The vendor has to provide configuration and management of multiple administrative roles, and separation of duties by assigning specific roles to different administrators.

3. Rule and Policy Development/Management: It has to provide hierarchical management of rules and central management across data protection and encryption policies.

4. Incident Workflow: It has to support the investigation, monitoring, and management of all aspects of reported incidents involving data in use, at rest and in motion, from within a centralized management console.

5. Reporting, Auditing, and Compliance: It has to be able to meet all applicable regulatory requirements and allow flexibility in determining which events to log.

6. Identity Management: It has to integrate with user identity repositories and support user management at the repository.

7. Performance: It has to have minimal impact on network and system resources when performing discovery tasks.

8. Integration with existing or planned infrastructure: It should integrate with existing networks and technical infrastructure and support configuration options for other standard products.
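Items 2 and 5 of this section (role-based administrative access with separation of duties, and an audit trail with control over what is logged) are easy to state and easy to get wrong; the usual failure is an administrator who holds two roles and can push a rule change alone. The following is an added example, not the post's or any vendor's code: the roles, permissions, administrator names and policy name are hypothetical, and the point is that the author of a policy cannot also approve it, and that every decision, including refusals, lands in the audit trail.

```python
"""Administrative console with role-based access, separation of duties and
an audit record for every administrative action, allowed or denied.
Constructed example; roles, permissions, admins and policy names are hypothetical.
"""
from dataclasses import dataclass, field

# Role -> permissions. Drafting and approving policies are split across
# roles so that a rule change always needs two administrators.
PERMISSIONS = {
    "policy_author": {"policy.draft", "policy.edit"},
    "policy_approver": {"policy.approve"},
    "incident_analyst": {"incident.view", "incident.close"},
    "auditor": {"audit.read"},
}


class Denied(Exception):
    """Raised when an action is refused; the refusal is still logged."""


@dataclass
class Policy:
    name: str
    drafted_by: str
    approved_by: str = ""  # empty until a second administrator approves


@dataclass
class Console:
    roles: dict  # admin -> set of role names
    policies: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)  # every action, allowed or denied

    def _log(self, admin, action, target, outcome):
        self.audit.append({"admin": admin, "action": action, "target": target, "outcome": outcome})

    def _require(self, admin, perm, target):
        """Role check: the admin must hold a role that grants the permission."""
        if not any(perm in PERMISSIONS[r] for r in self.roles.get(admin, ())):
            self._log(admin, perm, target, "denied:no_permission")
            raise Denied(f"{admin} lacks {perm}")

    def draft(self, admin, name):
        self._require(admin, "policy.draft", name)
        self.policies[name] = Policy(name, drafted_by=admin)
        self._log(admin, "policy.draft", name, "allowed")
        return self.policies[name]

    def approve(self, admin, name):
        """Separation of duties: the author of a policy may not approve it,
        even when that administrator also holds the approver role."""
        self._require(admin, "policy.approve", name)
        pol = self.policies[name]
        if pol.drafted_by == admin:
            self._log(admin, "policy.approve", name, "denied:separation_of_duties")
            raise Denied(f"{admin} drafted {name} and cannot approve it")
        pol.approved_by = admin
        self._log(admin, "policy.approve", name, "allowed")
        return pol

    def audit_trail(self, admin):
        """Only auditors may read the trail, and the read itself is recorded."""
        self._require(admin, "audit.read", "audit")
        self._log(admin, "audit.read", "audit", "allowed")
        return list(self.audit)


def demo():
    """Walk a hypothetical roster through one policy change; returns the console."""
    c = Console(roles={
        "alice": {"policy_author"},
        "bob": {"policy_author", "policy_approver"},
        "carol": {"policy_approver"},
        "dave": {"auditor"},
    })
    c.draft("bob", "block-pan-over-email")
    for admin in ("alice", "bob", "carol"):  # no permission / author / ok
        try:
            c.approve(admin, "block-pan-over-email")
        except Denied:
            pass
    return c


if __name__ == "__main__":
    for entry in demo().audit_trail("dave"):
        print(entry)
```

The denial outcomes carry a reason string so that reporting can separate configuration mistakes (no permission) from genuine separation-of-duties attempts, which is the flexibility in what gets logged that item 5 asks for.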

Company Profile and Pricing for End Management and Support

1. Company Profile: It should have an excellent track record of adapting to critical market requirements.

2. Maintenance and support: It has to provide software upgrades and patches, with web-enabled access.

3. Pricing: It has to have a value-added pricing model.

Companies need to check this list against their prospective vendors so that they know how effective the DLP solutions are and what other requirements need to be added.

4 comments:

  1. Hello buddy,

    Thank you for sharing your knowledge and experience with us. Keep up the good work. Already bookmarked for future reference.

    Do check out this blog on "Is your Test Data GDPR Compliant? 4 Steps to Make your Testing GDPR Compliant" and share your reviews about it :)

    Regards
    Alisha

  2. Extraordinary blog. you put Good stuff. All the themes were clarified briefly. Thank you so much for sharing that valuable blog. Inventory Audit
    Internal Audit
    Vendor Reconciliation

  4. Good job in presenting the correct content with the clear explanation. The content looks real with valid information. Good Work... Duplicate Payment Review
    Continuous Monitoring
    Vendor Audit
    Duplicate Payment Recovery
