
Compliance Overview

Aquilon DLP includes built-in compliance policy frameworks that automatically classify findings and generate violations according to regulatory requirements.

Available Frameworks

Framework | Description | Key Controls | Edition
--- | --- | --- | ---
GDPR | EU General Data Protection Regulation | Articles 5, 32, 33 | All
CCPA | California Consumer Privacy Act | §1798.100-199 | All
HIPAA | Health Insurance Portability and Accountability Act | §164.306, §164.312 | Enterprise
PCI DSS | Payment Card Industry Data Security Standard | Requirements 3, 4, 12 | Enterprise
SOX | Sarbanes-Oxley Act | Sections 302, 404, 409 | Enterprise
ISO 27001 | Information Security Management | Controls A.8.12, A.5.12, A.8.11 | Enterprise
CUI | Controlled Unclassified Information | NIST SP 800-171 | Enterprise
CMMC | Cybersecurity Maturity Model Certification | DFARS 252.204-7012 | Enterprise
FedRAMP | Federal Risk and Authorization Management | NIST SP 800-53 | Enterprise
FISMA | Federal Information Security Modernization Act | FIPS 199, NIST SP 800-53 | Enterprise

How Policy Frameworks Work

Each policy framework:

  1. Evaluates scan findings from all 50+ scanner plugins
  2. Applies regulatory logic to determine violations
  3. Classifies severity based on data type and details
  4. Generates metadata for compliance reporting

Example Flow

File scanned → SSN detected → HIPAA evaluates → PHI violation (Critical)
                           → PCI DSS evaluates → No violation (SSN not PAN)
                           → GDPR evaluates → Personal data violation (High)

Enabling Policies

Configure policies in aquilon_dlp_config.toml:

[policies]
enabled_policies = ["gdpr", "hipaa", "pci_dss", "sox", "iso27001", "cui", "cmmc", "fedramp", "fisma"]

# Optional: customize specific policies
# [policies.policy_configs.hipaa]
# settings = { covered_entity = "true" }

# [policies.policy_configs.pci_dss]
# settings = { merchant_level = "2" }

# [policies.policy_configs.cmmc]
# settings = { level = "2" }

Policy Configuration Options

Each policy supports configuration options:

Option | Description | Default
--- | --- | ---
enabled | Enable/disable the policy | true
confidence_threshold | Minimum scanner confidence to generate a violation | 0.7
sensitivity_level | Adjust severity calculation | 2 (1-3)

Framework-Specific Settings

HIPAA:

  • covered_entity: Whether organization is a HIPAA covered entity

PCI DSS:

  • merchant_level: PCI merchant level (1-4)
  • version: PCI DSS version (3.2.1 or 4.0)

ISO 27001:

  • enforce_data_masking: Require data masking for violations
  • classification_level: Default classification (restricted/confidential/internal/public)

Violation Severity Levels

All frameworks use consistent severity levels:

Level | Description | Typical Response
--- | --- | ---
Critical | Immediate breach risk | Immediate investigation
High | Significant exposure | Investigate within 24 hours
Medium | Moderate risk | Investigate within 7 days
Low | Minor concern | Review during regular audit

Compliance Reporting

OSQuery Queries

Query violations by policy:

-- All HIPAA critical findings
SELECT * FROM aquilon_dlp_alerts
WHERE policy = 'HIPAA' AND severity = 'critical';

-- Policy violation summary
SELECT policy, severity, COUNT(*) as count
FROM aquilon_dlp_alerts
GROUP BY policy, severity;

-- Recent violations by framework
SELECT policy, path, scanner, severity, timestamp
FROM aquilon_dlp_alerts
WHERE timestamp > (strftime('%s', 'now') - 86400)
ORDER BY timestamp DESC;
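As an added example (not part of the page or of Aquilon DLP), the three queries above can be exercised offline against a SQLite stand-in for the aquilon_dlp_alerts table, since osquery's SQL dialect is SQLite. The column names follow the page's queries and the audit-trail fields; the schema details and the sample rows are constructed for the example.

```python
# Added example, not Aquilon DLP's own code: run the page's osquery
# statements against a constructed in-memory aquilon_dlp_alerts table.
import sqlite3
import time

NOW = int(time.time())

# Constructed rows: (policy, path, scanner, severity, timestamp, context)
SAMPLE_ALERTS = [
    ("HIPAA",   "/srv/share/patients.csv", "ssn",   "critical", NOW - 600,       "SSN ***-**-1234"),
    ("GDPR",    "/srv/share/patients.csv", "ssn",   "high",     NOW - 600,       "SSN ***-**-1234"),
    ("HIPAA",   "/home/alice/notes.txt",   "mrn",   "critical", NOW - 3600,      "MRN 0000000"),
    ("GDPR",    "/home/bob/contacts.xlsx", "email", "medium",   NOW - 7200,      "bob@example.com"),
    ("PCI DSS", "/tmp/export.json",        "pan",   "critical", NOW - 3 * 86400, "PAN ****1111"),
]


def build_alerts_db() -> sqlite3.Connection:
    """In-memory stand-in for the osquery table; timestamp is epoch seconds
    (an assumption that the recent-violations query relies on)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE aquilon_dlp_alerts (
        policy TEXT, path TEXT, scanner TEXT, severity TEXT,
        timestamp INTEGER, context TEXT)""")
    conn.executemany("INSERT INTO aquilon_dlp_alerts VALUES (?, ?, ?, ?, ?, ?)", SAMPLE_ALERTS)
    return conn


ALERTS_DB = build_alerts_db()


def hipaa_critical(conn: sqlite3.Connection = ALERTS_DB) -> list[tuple]:
    """All HIPAA critical findings (full rows)."""
    return conn.execute(
        "SELECT * FROM aquilon_dlp_alerts WHERE policy = 'HIPAA' AND severity = 'critical'"
    ).fetchall()


def violation_summary(conn: sqlite3.Connection = ALERTS_DB) -> dict[tuple[str, str], int]:
    """Policy violation summary as {(policy, severity): count}."""
    rows = conn.execute(
        "SELECT policy, severity, COUNT(*) AS count FROM aquilon_dlp_alerts "
        "GROUP BY policy, severity"
    ).fetchall()
    return {(policy, severity): count for policy, severity, count in rows}


def recent_violations(conn: sqlite3.Connection = ALERTS_DB) -> list[tuple]:
    """Violations from the last 24 hours, newest first."""
    return conn.execute("""
        SELECT policy, path, scanner, severity, timestamp
        FROM aquilon_dlp_alerts
        WHERE timestamp > (strftime('%s', 'now') - 86400)
        ORDER BY timestamp DESC""").fetchall()


if __name__ == "__main__":
    print("HIPAA critical:", len(hipaa_critical()))
    for key, count in sorted(violation_summary().items()):
        print(f"{key[0]:8} {key[1]:9} {count}")
    for row in recent_violations():
        print(row)
```

One check worth keeping in mind before relying on the third query for daily review: `strftime('%s', 'now')` yields an epoch-seconds string, and the comparison only does what you expect when the timestamp column holds epoch integers. If a deployment stores timestamps as ISO text, SQLite compares text against a number, the filter silently returns the wrong set, and the three-day-old PCI DSS row in the sample would no longer be excluded.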

Audit Trail

Each violation includes metadata for audit purposes:

  • Policy: Framework that generated the violation
  • Severity: Risk classification
  • Scanner: Detection method
  • Context: Surrounding text for validation
  • Timestamp: Detection time
  • File path: Location of finding

Custom Policies

Beyond built-in frameworks, create custom policies for:

  • Company-specific identifiers
  • Internal compliance requirements
  • Industry-specific patterns

See Policy Frameworks for custom policy creation.

Next Steps

  • HIPAA - Healthcare data protection
  • PCI DSS - Payment card security
  • SOX - Financial controls
  • ISO 27001 - Information security management
  • GDPR - EU data protection
  • CCPA - California consumer privacy
  • CUI - Controlled Unclassified Information (NIST SP 800-171)
  • CMMC - DoD contractor certification
  • FedRAMP - Federal cloud authorization
  • FISMA - Federal agency security