Application Information
A DLP agent will be utilized to limit data-related threats, including the risk of data loss and the exposure of sensitive data. Netwrix Endpoint Protector (EPP) has been selected as the application to provide the necessary security layers for USB device protection and data loss prevention.
Enforcement
Policies set within the Endpoint Protector management console will block the use of external storage devices. Additionally, content aware protection will be enabled to block the transport of personally identifiable information (PII) such as social security numbers, credit card numbers, and other sensitive data.
Exception Process
In the event of blocked content, users will be presented with a self-remediation dialog to request access to the data. Users will be required to provide a business justification in order to allow the content. All user remediation requests are logged and reviewed per the guidelines below. Alternatively, users may request an exception through the self-service ticketing system. All requests will be reviewed and approved or denied on a case-by-case basis, with the record of the decision stored within the self-service ticket.
Configuration Management and Access
Netwrix Endpoint Protector will be installed and verified on all endpoints by Jamf Pro. If the agent is removed, Jamf Pro will re-install it. Only selected users within the Digital Ground Control team, JH Corp Security Teams, and JH Corp Service Desk support team members will have access to modify these policy configurations.
Logging and Review Process
The Endpoint Protector management console will provide reporting on licensing, policy distribution, and all events related to device control and content aware protection. Jamf Pro will provide reporting on installed software and software versions. Reviews of this data will occur every quarter. Reviews will be tracked in a Jira project, and any data collected will be stored in a GitHub repository.
A review consists of acquiring samples from five machines to confirm all of the following are true:
- EPP is installed on the device.
- The installed EPP version meets or exceeds the current baseline version.
- EPP is properly licensed on the device.
- The device is actively receiving policies from the EPP management server.
- When PII is transported, it is identified and blocked as expected.
  - This is intended to be a live test of the content aware protection mechanism and therefore requires coordination with the end user. The test is facilitated by running a policy from Jamf Self Service.
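The "installed" and "version meets or exceeds the baseline" checks above can be collected per machine rather than read by hand. The following is an added example written for this page, not a script from this document or from Netwrix or Jamf; it is shaped like a Jamf Pro extension attribute so its `<result>` line can feed the quarterly review. The application bundle path (`EPP_APP_PATH`) and the baseline version (`BASELINE_VERSION`) are placeholders to be replaced with the deployment's real values.

```shell
#!/bin/sh
# Added example: EPP install/version-baseline check in Jamf extension-attribute style.
# PLACEHOLDER: set to the real Endpoint Protector client bundle path for your deployment.
EPP_APP_PATH="${EPP_APP_PATH:-/Applications/EndpointProtectorClient.app}"
# PLACEHOLDER: the current baseline version approved by the review (constructed value).
BASELINE_VERSION="${BASELINE_VERSION:-5.9.0}"

# version_ge INSTALLED BASELINE: succeed when INSTALLED >= BASELINE, comparing
# dotted versions field by field numerically (so 5.10.0 >= 5.9.0 holds).
# Sorting both strings numerically and checking which comes first avoids
# string comparison pitfalls; missing fields sort as zero.
version_ge() {
    first=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n -k4,4n | head -n1)
    [ "$first" = "$2" ]
}

# installed_version: print the bundle's short version string, or nothing if the
# bundle is absent (the "EPP is installed" check fails on an empty result).
installed_version() {
    if [ -d "$EPP_APP_PATH" ]; then
        defaults read "$EPP_APP_PATH/Contents/Info.plist" CFBundleShortVersionString 2>/dev/null
    fi
}

# check_version INSTALLED: print a PASS/FAIL line for the review record and
# return 0 on PASS, 1 on FAIL. Takes the version as an argument so the logic
# can be exercised without the agent present.
check_version() {
    installed="$1"
    if [ -z "$installed" ]; then
        echo "FAIL: EPP not installed at $EPP_APP_PATH"
        return 1
    fi
    if version_ge "$installed" "$BASELINE_VERSION"; then
        echo "PASS: EPP $installed meets baseline $BASELINE_VERSION"
        return 0
    fi
    echo "FAIL: EPP $installed is below baseline $BASELINE_VERSION"
    return 1
}

# When invoked with --run on the endpoint, emit the extension-attribute result.
if [ "${1:-}" = "--run" ]; then
    if result=$(check_version "$(installed_version)"); then status=0; else status=1; fi
    printf '<result>%s</result>\n' "$result"
    exit "$status"
fi
```

Run with `--run` on a sampled machine and paste the `<result>` line into the review record; a non-zero exit marks the sample as failing either the install or the baseline check.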
Additionally, all self-remediated content aware protection logs will be reviewed for accuracy and uploaded to the GitHub repository.
| Published Date | Updated Date |
|---|---|
| 9-1-22 | 11-06-2025 |