Updating DLP Policy to Common Controls (#469)
* Updated Resource Link for DriveDocs 3.1 (#400)

* Fixes Numbering Issue in GMAIL 5.3 Instructions (#399)

* Fixed numbering issue in instruction for 5.3

* Update baselines/gmail.md

End with a period for automation processing reasons.

Co-authored-by: David Bui <[email protected]>

---------

Co-authored-by: David Bui <[email protected]>

* New Common Controls policy for Early Access App Access controls (#371)

* Added Policy Group 18

* Added Drift Rule for Policy Group 18

* Fixed Table of Contents

* Apply suggestions from code review

Co-authored-by: Alden Hilton <[email protected]>
Co-authored-by: David Bui <[email protected]>

* Fixed Implementation

* Added Policy Under Policy Group 16

* Fixed Policy Group 16 Intro

* Changed Security to Secure in header

* Fixed TOC

* Apply suggestions from code review

Co-authored-by: Alden Hilton <[email protected]>

* Apply suggestions from code review

Co-authored-by: David Bui <[email protected]>

* Fixed drift rule files

* Update baselines/commoncontrols.md

Co-authored-by: David Bui <[email protected]>

---------

Co-authored-by: Alden Hilton <[email protected]>
Co-authored-by: David Bui <[email protected]>
Co-authored-by: mdueltgen <[email protected]>

* Updated Location of Setting in DriveDocs 6.1 Instructions (#404)

* Updated location of setting in instructions and fixed bolding

* Update baselines/drive.md

Co-authored-by: David Bui <[email protected]>

---------

Co-authored-by: David Bui <[email protected]>

* Updating Common Controls 11.2 Implementation Instructions #375 (#411)

* updated location of setting in implementation instructions

* adding in periods

* Update baselines/commoncontrols.md

Co-authored-by: David Bui <[email protected]>

* Update baselines/commoncontrols.md

removed extra period

Co-authored-by: David Bui <[email protected]>

* Remove double period in overview

---------

Co-authored-by: David Bui <[email protected]>

* Updating Common Controls 12.1 Implementation Steps (#414)

* Updated location for takeout admin control based on update to data tab in admin console

* Update baselines/commoncontrols.md

Fixes capitalization of import/export per admin console

Co-authored-by: Alden Hilton <[email protected]>

* removing unnecessary save step

---------

Co-authored-by: Alden Hilton <[email protected]>

* Update location of rules setting in admin console in implementation steps. (#418)

* Updating Common Controls 15.1 Implementation Steps (#420)

* updated location of setting for data regions in instructions

* Update baselines/commoncontrols.md

removed S in compliances

Co-authored-by: David Bui <[email protected]>

---------

Co-authored-by: David Bui <[email protected]>

* Fixed backslashes/forwardslashes bug in Common Controls Baseline (#426)

* Changed Early Access to Early Access Apps (#428)

* Add Data at Rest processing policy to Common Controls baseline (#434)

* Added Policy 15.2 and renamed previous 15.2 to 15.3

* adding drift rule for 15.2

* Added TTP Mappings

* Apply suggestions from code review

Co-authored-by: Alden Hilton <[email protected]>

* Update drift-rules/GWS Drift Monitoring Rules - Common Controls as of 11-14-23.csv

Co-authored-by: Alden Hilton <[email protected]>

* Apply suggestions from code review

Co-authored-by: David Bui <[email protected]>

---------

Co-authored-by: mdueltgen <[email protected]>
Co-authored-by: Alden Hilton <[email protected]>
Co-authored-by: David Bui <[email protected]>

* Clarifying Implementation Steps of CommonControls13.1 (#445)

* Updated Resource Link for DriveDocs 3.1 (#400)

* Fixes Numbering Issue in GMAIL 5.3 Instructions (#399)

* Fixed numbering issue in instruction for 5.3

* Update baselines/gmail.md

End with a period for automation processing reasons.

Co-authored-by: David Bui <[email protected]>

---------

Co-authored-by: David Bui <[email protected]>

* Updating Classroom 1.2 Instructions (#407)

* New Common Controls policy for Early Access App Access controls (#371)

* Added Policy Group 18

* Added Drift Rule for Policy Group 18

* Fixed Table of Contents

* Apply suggestions from code review

Co-authored-by: Alden Hilton <[email protected]>
Co-authored-by: David Bui <[email protected]>

* Fixed Implementation

* Added Policy Under Policy Group 16

* Fixed Policy Group 16 Intro

* Changed Security to Secure in header

* Fixed TOC

* Apply suggestions from code review

Co-authored-by: Alden Hilton <[email protected]>

* Apply suggestions from code review

Co-authored-by: David Bui <[email protected]>

* Fixed drift rule files

* Update baselines/commoncontrols.md

Co-authored-by: David Bui <[email protected]>

---------

Co-authored-by: Alden Hilton <[email protected]>
Co-authored-by: David Bui <[email protected]>
Co-authored-by: mdueltgen <[email protected]>

* Updated Location of Setting in DriveDocs 6.1 Instructions (#404)

* Updated location of setting in instructions and fixed bolding

* Update baselines/drive.md

Co-authored-by: David Bui <[email protected]>

---------

Co-authored-by: David Bui <[email protected]>

* Updating Common Controls 11.2 Implementation Instructions #375 (#411)

* updated location of setting in implementation instructions

* adding in periods

* Update baselines/commoncontrols.md

Co-authored-by: David Bui <[email protected]>

* Update baselines/commoncontrols.md

removed extra period

Co-authored-by: David Bui <[email protected]>

* Remove double period in overview

---------

Co-authored-by: David Bui <[email protected]>

* Updating Common Controls 12.1 Implementation Steps (#414)

* Updated location for takeout admin control based on update to data tab in admin console

* Update baselines/commoncontrols.md

Fixes capitalization of import/export per admin console

Co-authored-by: Alden Hilton <[email protected]>

* removing unnecessary save step

---------

Co-authored-by: Alden Hilton <[email protected]>

* Update location of rules setting in admin console in implementation steps. (#418)

* Updating Common Controls 15.1 Implementation Steps (#420)

* updated location of setting for data regions in instructions

* Update baselines/commoncontrols.md

removed S in compliances

Co-authored-by: David Bui <[email protected]>

---------

Co-authored-by: David Bui <[email protected]>

* Fixed backslashes/forwardslashes bug in Common Controls Baseline (#426)

* Changed Early Access to Early Access Apps (#428)

* Add Data at Rest processing policy to Common Controls baseline (#434)

* Added Policy 15.2 and renamed previous 15.2 to 15.3

* adding drift rule for 15.2

* Added TTP Mappings

* Apply suggestions from code review

Co-authored-by: Alden Hilton <[email protected]>

* Update drift-rules/GWS Drift Monitoring Rules - Common Controls as of 11-14-23.csv

Co-authored-by: Alden Hilton <[email protected]>

* Apply suggestions from code review

Co-authored-by: David Bui <[email protected]>

---------

Co-authored-by: mdueltgen <[email protected]>
Co-authored-by: Alden Hilton <[email protected]>
Co-authored-by: David Bui <[email protected]>

* updating implementation steps for 13.1 to clarify editing rules

* fixed numbering and removed old language about having to click show more which doesn't exist anymore in the admin console.

* Apply suggestions from code review

Co-authored-by: Alden Hilton <[email protected]>

* Update baselines/commoncontrols.md

Co-authored-by: Alden Hilton <[email protected]>

---------

Co-authored-by: David Bui <[email protected]>
Co-authored-by: jkaufman-mitre <[email protected]>
Co-authored-by: Alden Hilton <[email protected]>

* first draft of new DLP changes

* TOC update, group description, clarifying implementation steps

* removing extra spacing

* first draft of new DLP changes

* TOC update, group description, clarifying implementation steps

* removing extra spacing

* updating drift rules

* updating implementation steps for actions, adding should block external sharing policy

* draft for condition rules for Credit card/ITIN/SSN

* updated TOC for chat/drive

* adding in drift rules

* Apply suggestions from code review

Co-authored-by: Alden Hilton <[email protected]>

* code changes based on comments

* code changes updating implementation steps across policy group 18

* Apply suggestions from code review

Co-authored-by: David Bui <[email protected]>
Co-authored-by: Alden Hilton <[email protected]>

* replacing add instead of actions

* Apply suggestions from code review

Parity w/ m365 and scubagear
3rd party DLP options
license info

Co-authored-by: David Bui <[email protected]>

* updating TOC

* Apply suggestions from code review

Co-authored-by: David Bui <[email protected]>

---------

Co-authored-by: David Bui <[email protected]>
Co-authored-by: jkaufman-mitre <[email protected]>
Co-authored-by: Alden Hilton <[email protected]>
4 people authored Oct 29, 2024
1 parent 7b4f9e1 commit ef2decc
Showing 6 changed files with 141 additions and 102 deletions.
61 changes: 6 additions & 55 deletions baselines/chat.md
Expand Up @@ -14,8 +14,7 @@ This baseline is based on Google documentation available at [Google Workspace Ad
- [External File Sharing](#2-external-file-sharing)
- [History for Spaces](#3-history-for-spaces)
- [External Chat Messaging](#4-external-chat-messaging)
- [DLP Rules](#5-dlp-rules)
- [Content Reporting](#6-content-reporting)
- [Content Reporting](#5-content-reporting)

Settings can be assigned to certain users within Google Workspace through organizational units, configuration groups, or individually. Before changing a setting, the user can select the organizational unit, configuration group, or individual users to which they want to apply changes.

Expand Down Expand Up @@ -198,62 +197,14 @@ Alternatively, to disable external chat entirely:
4. Select **OFF**
5. Select **Save**.

## 5. DLP rules

This recommendation applies only to agencies that allow external sharing (see section 2.1).

Using data loss prevention (DLP), organizations can create and apply rules to control the content that users can share in files outside the organization. DLP gives you control over what users can share and prevents unintended exposure of sensitive information.

DLP rules can use predefined content detectors to match PII (e.g., SSN), credentials (e.g., API keys), or specific document types (e.g., source code). Custom rules can also be applied based upon regex match or document labels.

### Policies

#### GWS.CHAT.5.1v0.3
Agencies SHOULD configure DLP rules to block or warn on sharing files with sensitive data.

- _Rationale:_ Data Loss Prevention (DLP) rules help identify and limit the sharing of sensitive content, protecting agency information. By blocking and/or having warnings on these DLP-scanned files from being shared with users, the risk of unintentional introduction of sensitive content is reduced.
- _Last modified:_ July 10, 2023

- MITRE ATT&CK TTP Mapping
- [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/)
- [T1048: Exfiltration Over Alternative Protocol](https://attack.mitre.org/techniques/T1048/)
- [T1048:002: Exfiltration Over Alternative Protocol: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol](https://attack.mitre.org/techniques/T1048/002/)
- [T1213: Data from Information Repositories](https://attack.mitre.org/techniques/T1213/)
- [T1213:001: Data from Information Repositories:Confluence](https://attack.mitre.org/techniques/T1213/001/)
- [T1213:002: Data from Information Repositories:Sharepoint](https://attack.mitre.org/techniques/T1213/002/)

### Resources

- [How to use predefined content detectors - Google Workspace Admin Help](https://support.google.com/a/answer/7047475#zippy=%2Cunited-states)
- [Get started as a Drive labels admin - Google Workspace Admin Help](https://support.google.com/a/answer/9292382?hl=en)
- [CIS Google Workspace Foundations Benchmark](https://www.cisecurity.org/benchmark/google_workspace)

### Prerequisites

- None

### Implementation

#### GWS.CHAT.5.1v0.3 Instructions
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Menu -\> Security -\> Access and data control -\> Data protection**.
3. Click **Manage Rules**. Then click **Add rule** -\> **New rule** or click **Add rule** -\> **New rule from template**. For templates, select a template from the Templates page.
4. In the **Name** section, add the name and description of the rule.
5. In the **Scope** section, apply this rule only to the entire domain or to selected organizational units or groups, and click **Continue**. If there's a conflict between organizational units and groups in terms of inclusion or exclusion, the group takes precedence.
6. In the **Apps** section, choose the trigger for **Google Chat, Message Sent or File Upload**, and click **Continue**.
7. In the **Conditions** section, click **Add Condition**.
8. Configure appropriate content definition(s) based upon the agency's individual requirements and click **Continue**.
9. Select the appropriate action to warn or block sharing, based upon the agency's individual requirements.
10. In the **Alerting** section, choose a severity level, and optionally, check **Send to alert center to trigger notifications**.
11. Review the rule details, mark the rule as **Active**, and click **Create.**

## 6. Content Reporting
## 5. Content Reporting

This section covers the content reporting functionality, a feature that allows users to report messages that violate organizational guidelines to workspace admins.

### Policies

#### GWS.CHAT.6.1v0.3
#### GWS.CHAT.5.1v0.3
Chat content reporting SHALL be enabled for all conversation types.

- _Rationale:_ Chat messages could potentially be used as an avenue for phishing, malware distribution, or other security risks. Enabling this feature allows users to report any suspicious messages to workspace admins, increasing threat awareness and facilitating threat mitigation. By selecting all conversation types, agencies help ensure that their users are able to report risky messages regardless of the conversation type.
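Review bot: The identifier `GWS.CHAT.5.1v0.3` is reused with a different meaning in this hunk: before the change it named the DLP policy ("Agencies SHOULD configure DLP rules to block or warn on sharing files with sensitive data"), and after it names "Chat content reporting SHALL be enabled for all conversation types", with the same `v0.3` suffix. Anything keyed on the ID (drift rules, assessment results, earlier reports) will silently map the old DLP finding onto the content reporting requirement, and a SHOULD becomes a SHALL under the same label. Consider bumping the version suffix on the renumbered policies, or keeping section 5 as a short stub stating that the DLP policy moved to Common Controls group 18, so the old ID and the `#5-dlp-rules` anchor do not change meaning or vanish without a pointer.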
Expand All @@ -262,7 +213,7 @@ Chat content reporting SHALL be enabled for all conversation types.
- MITRE ATT&CK TTP Mapping
- [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/)

#### GWS.CHAT.6.2v0.3
#### GWS.CHAT.5.2v0.3
All reporting message categories SHOULD be selected.

- _Rationale:_ Users may be uncertain what kind of messages should be reported. Enabling all message categories can help users infer which types of messages should be reported.
Expand All @@ -279,15 +230,15 @@ All reporting message categories SHOULD be selected.

### Implementation

#### GWS.CHAT.6.1v0.3 Instructions
#### GWS.CHAT.5.1v0.3 Instructions
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Menu** -> **Apps** -> **Google Workspace** -> **Google Chat**.
3. Click **Content Reporting**.
4. Ensure **Allow users to report content in Chat** is enabled.
5. Ensure all conversation type checkboxes are selected.
6. Click **Save**.

#### GWS.CHAT.6.2v0.3 Instructions
#### GWS.CHAT.5.2v0.3 Instructions
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Menu** -> **Apps** -> **Google Workspace** -> **Google Chat**.
3. Click **Content Reporting**.
127 changes: 127 additions & 0 deletions baselines/commoncontrols.md
Expand Up @@ -26,6 +26,7 @@ This baseline is based on Google documentation and addresses the following:
- [Data Regions](#15-data-regions-and-storage)
- [Additional Google Services](#16-additional-google-services)
- [Multi-Party Approvals](#17-multi-party-approval)
- [Data Loss Prevention](#18-data-loss-prevention)

## Assumptions

Expand Down Expand Up @@ -1238,3 +1239,129 @@ To configure additional services per the policy:
2. Navigate to **Security** -> **Authentication** -> **Multi-party approval settings**.
3. Ensure **Require multi party approval for sensitive admin actions** is checked.
4. Click **Save**.

## 18. Data Loss Prevention

Using data loss prevention (DLP), organizations can create and apply rules to control the content that users can share in files outside the organization. DLP helps you control what users can share and helps prevent unintended exposure of sensitive information.

DLP rules can use predefined content detectors to match PII (e.g., SSN), credentials (e.g., API keys), or specific document types (e.g., source code). Custom rules can also be applied based upon regex match or document labels.

There are several commercial DLP solutions available that document support for Google Workspace. Google itself offers DLP services. Agencies may select any service that fits their needs and meets the baseline requirements outlined in this policy group. The DLP solution selected by an agency should offer services comparable to those offered by Google.

Though use of Google's DLP solution is not strictly required, guidance for configuring Google's DLP solution can be found in the instructions of this policy section.

### Policies
#### GWS.COMMONCONTROLS.18.1v0.3
A custom policy SHALL be configured for Google Drive to protect PII and sensitive information as defined by the agency, blocking at a minimum: credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN).

- _Rationale:_ Users may inadvertently share sensitive information with others who should not have access to it. DLP policies provide a way for agencies to detect and prevent unauthorized disclosures.
- _Last modified:_ October 25, 2024

- MITRE ATT&CK TTP Mapping
- [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/)
- [T1048: Exfiltration Over Alternative Protocol](https://attack.mitre.org/techniques/T1048/)
- [T1048:002: Exfiltration Over Alternative Protocol: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol](https://attack.mitre.org/techniques/T1048/002/)
- [T1213: Data from Information Repositories](https://attack.mitre.org/techniques/T1213/)


#### GWS.COMMONCONTROLS.18.2v0.3
A custom policy SHALL be configured for Google Chat to protect PII and sensitive information as defined by the agency, blocking at a minimum: credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN).

- _Rationale:_ Users may inadvertently share sensitive information with others who should not have access to it. DLP policies provide a way for agencies to detect and prevent unauthorized disclosures.
- _Last modified:_ October 25, 2024

- MITRE ATT&CK TTP Mapping
- [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/)
- [T1048: Exfiltration Over Alternative Protocol](https://attack.mitre.org/techniques/T1048/)
- [T1048:002: Exfiltration Over Alternative Protocol: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol](https://attack.mitre.org/techniques/T1048/002/)
- [T1213: Data from Information Repositories](https://attack.mitre.org/techniques/T1213/)

#### GWS.COMMONCONTROLS.18.3v0.3
A custom policy SHALL be configured for Gmail to protect PII and sensitive information as defined by the agency, blocking at a minimum: credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN).

- _Rationale:_ Users may inadvertently share sensitive information with others who should not have access to it. DLP policies provide a way for agencies to detect and prevent unauthorized disclosures.
- _Last modified:_ October 25, 2024

- MITRE ATT&CK TTP Mapping
- [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/)
- [T1048: Exfiltration Over Alternative Protocol](https://attack.mitre.org/techniques/T1048/)
- [T1048:002: Exfiltration Over Alternative Protocol: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol](https://attack.mitre.org/techniques/T1048/002/)
- [T1213: Data from Information Repositories](https://attack.mitre.org/techniques/T1213/)

#### GWS.COMMONCONTROLS.18.4v0.3
The action for the above DLP policies SHOULD be set to block external sharing.

- _Rationale:_ Users may inadvertently share sensitive information with others who should not have access to it. DLP policies provide a way for agencies to detect and prevent unauthorized disclosures.
- _Last modified:_ October 25, 2024

- MITRE ATT&CK TTP Mapping
- [T1530: Data from Cloud Storage](https://attack.mitre.org/techniques/T1530/)
- [T1048: Exfiltration Over Alternative Protocol](https://attack.mitre.org/techniques/T1048/)
- [T1048:002: Exfiltration Over Alternative Protocol: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol](https://attack.mitre.org/techniques/T1048/002/)
- [T1213: Data from Information Repositories](https://attack.mitre.org/techniques/T1213/)

### Resources
- [GWS Admin Help \| Protect sensitive information using DLP](https://support.google.com/a/topic/7556687?hl=en&ref_topic=7558840&fl=1&sjid=4459086914710819343-NA)
- [GWS Admin Help \| Use Workspace DLP to prevent data loss](https://support.google.com/a/answer/9646351?hl=en&visit_id=638635679011849528-69139467&ref_topic=9646660&rd=1)
- [GWS Admin Help \| Create DLP for Drive rules and custom content detectors](https://support.google.com/a/answer/9655387)
- [GWS Admin Help \| Prevent data leaks from Chat messages & attachments](https://support.google.com/a/answer/10846568)
- [GWS Admin Help \| Prevent data leaks in email & attachments](https://support.google.com/a/answer/14767988?fl=1&sjid=4620103790740920406-NA)

### Prerequisites
If using Google's DLP solution, the following editions of Google Workspace include Workspace DLP: Frontline Standard; Enterprise Standard and Enterprise Plus; Education Fundamentals, Education Standard, Teaching and Learning Upgrade, and Education Plus; Enterprise Essentials Plus.

Drive DLP and Chat DLP are available to Cloud Identity Premium users with a Google Workspace license. For Drive DLP, the license must include the Drive log events.

### Implementation

#### GWS COMMONCONTROLS 18 Common Instructions
1. Sign in to the [Google Admin Console](https://admin.google.com).
2. Select **Menu -\> Security -\> Access and data control -\> Data protection**.
3. Under **Data protection rules and detectors** click **Manage Rules**.
4. Click **Add rule** -\> **New rule**.

#### GWS.COMMONCONTROLS.18.1v0.3 Instructions
1. In the **Name** section, add the name and description of the rule.
2. In the **Scope** section, apply this rule to the entire domain and click **Continue**.
3. In the **Apps** section, under **Google Drive**, choose the trigger for **Drive files**, then click **Continue**.
4. In the **Conditions** section:
1. Click **Add Condition**. For **Content type to scan** select **All content**. For **What to scan for** select **Matches predefined data type**. For **Select data type** select **Global - Credit card number**. Select the remaining condition properties according to agency need.
2. Click **Add Condition**. For **Content type to scan** select **All content**. For **What to scan for** select **Matches predefined data type**. For **Select data type** select **United States - Individual Taxpayer Indentification Number**. Select the remaining condition properties according to agency need.
3. Click **Add Condition**. For **Content type to scan** select **All content**. For **What to scan for** select **Matches predefined data type**. For **Select data type** select **United States - Social Security Number***. Select the remaining condition properties according to agency need.
4. Configure other appropriate content and condition definition(s) based upon the agency's individual requirements and click **Continue**.
5. In the **Actions** section, select **Block external sharing** (per [GWS.COMMONCONTROLS.18.4v0.3](#gwscommoncontrols184v03)).
6. In the **Alerting** section, choose a severity level, and optionally, check **Send to alert center to trigger notifications**.
7. Review the rule details, mark the rule as **Active**, and click **Create.**

#### GWS.COMMONCONTROLS.18.2v0.3 Instructions
1. In the **Name** section, add the name and description of the rule.
2. In the **Scope** section, apply this rule to the entire domain and click **Continue**.
3. In the **Apps** section, choose the trigger for **Google Chat, Message sent, File uploaded** then click **Continue**.
4. In the **Conditions** section:
1. Click **Add Condition**. For **Content type to scan** select **All content**. For **What to scan for** select **Matches predefined data type**. For **Select data type** select **Global - Credit card number**. Select the remaining condition properties according to agency need.
2. Click **Add Condition**. For **Content type to scan** select **All content**. For **What to scan for** select **Matches predefined data type**. For **Select data type** select **United States - Individual Taxpayer Indentification Number**. Select the remaining condition properties according to agency need.
3. Click **Add Condition**. For **Content type to scan** select **All content**. For **What to scan for** select **Matches predefined data type**. For **Select data type** select **United States - Social Security Number***. Select the remaining condition properties according to agency need.
4. Configure other appropriate content and condition definition(s) based upon the agency's individual requirements and click **Continue**.
5. In the **Actions** section, select **Block**. Under **Select when this action should apply**, select **External Conversations**, **Spaces**, **Group chats**, and **1:1 chats** (See [GWS.COMMONCONTROLS.18.4v0.3](#gwscommoncontrols184v03)).
6. In the **Alerting** section, choose a severity level, and optionally, check **Send to alert center to trigger notifications**.
7. Review the rule details, mark the rule as **Active**, and click **Create.**

#### GWS.COMMONCONTROLS.18.3v0.3 Instructions
1. In the **Name** section, add the name and description of the rule.
2. In the **Scope** section, apply this rule to the entire domain and click **Continue**.
3. In the **Apps** section, choose the trigger for **Gmail, Message sent** then click **Continue**.
4. In the **Conditions** section:
1. Click **Add Condition**. For **Content type to scan** select **All content**. For **What to scan for** select **Matches predefined data type**. For **Select data type** select **Global - Credit card number**. Select the remaining condition properties according to agency need.
2. Click **Add Condition**. For **Content type to scan** select **All content**. For **What to scan for** select **Matches predefined data type**. For **Select data type** select **United States - Individual Taxpayer Indentification Number**. Select the remaining condition properties according to agency need.
3. Click **Add Condition**. For **Content type to scan** select **All content**. For **What to scan for** select **Matches predefined data type**. For **Select data type** select **United States - Social Security Number***. Select the remaining condition properties according to agency need.
4. Configure other appropriate content and condition definition(s) based upon the agency's individual requirements and click **Continue**.
5. In the **Actions** section, select **Block message**. Under **Select when this action should apply**, check **Messages sent to external recipients** (See [GWS.COMMONCONTROLS.18.4v0.3](#gwscommoncontrols184v03)).
6. In the **Alerting** section, choose a severity level, and optionally, check **Send to alert center to trigger notifications**.
7. Review the rule details, mark the rule as **Active**, and click **Create.**

#### GWS.COMMONCONTROLS.18.4v0.3 Instructions
1. For each rule in the **Actions** section follow steps depending on application:
1. For Google Drive policies select **Block external sharing**.
2. For Chat policies rules select **Block message** and select **External Conversations** and **Spaces**, **Group chats**, and **1:1 chats**.
3. For Gmail policies select **Block message** and select **Messages sent to external recipients**.
2. Click **Continue**.
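Review bot: The normative level of the block action is inconsistent within section 18: policies 18.1 through 18.3 say a policy SHALL be configured "blocking at a minimum" the three data types, while 18.4 says the block action only SHOULD be set, and the 18.1 to 18.3 instructions each select the block action by citing 18.4. Decide whether blocking is mandatory and word 18.1 to 18.3 to match (for example "detecting at a minimum" if the action is governed by 18.4). In the same instructions, the Chat action is named **Block** in the 18.2 steps but **Block message** in the 18.4 steps, "For Chat policies rules" has a doubled noun, the data type label is misspelled "Indentification" in all three condition lists, and "Social Security Number***" carries a stray asterisk that breaks the bold. The condition steps also do not say how the three conditions are combined; state explicitly that any one match must trigger the rule, since a rule requiring all three would miss content containing only one of them.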