
DLP Compliance Sheet

May 31, 2024 Ala' Zayadeen


Instructions for the questionnaire
Vendors should answer the questions in the following worksheets that cover various requirement areas. Each
question should be answered. If an area or requirement is not covered by your solution, please indicate so.

The selected respondents should fill in the worksheets according to the defined structure. The evaluation and decision
making is based on this structure and if answers are not provided in this format, the Respondent will be eliminated from
the analysis.

The answers to the questions should be concrete and specific, highlighting examples.
The main answer should be written in this Excel sheet. In addition, respondents are encouraged to use screenshots
or other similar measures to describe the functionalities and capabilities of their solutions.

We have an internal grading of each requirement which expresses the importance of the requested features.
The grading of the requirements is not disclosed to the tenderers but is used for internal evaluation purposes.

Each functional requirement must be marked with one, and only one, of the following classifications:
F : Fully provided, standard out of the box, i.e. no configuration or adjustments required
P : Partially provided, basic configuration required or might need third party add-on
R : Planned in a future release
N : Not provided

Columns: Req. number; Classification (M,D); Requirements; Response (F,P,R,N); Recommended Solution/Module

Technical Requirements

1 Compliance and Vendors Qualifications

1.01 M The vendor must adhere to any XXX directions/regulations regarding any data protection/security controls, including all related xx requirements documented in cyber security resilience instructions.
1.02 M The vendor should have a qualified team with information/cyber security certifications, including but not limited to CISSP, CISM, ISO27001 LI/LA, CEH.
1.03 M The vendor should have banking references and implementation in Jordan for the same solution.

2 Policies and Content detection
2.01 M The Solution should have the ability to use a single policy to scan data wherever it is stored, transmitted or used, both on the network and on the endpoint. Will the system automatically apply the relevant response to the threat detected?
2.02 M Do you provide a centralized interface for policy editing and policy management, across all products (across monitoring and prevention and across network and endpoint)? Please explain any aspects of policy editing or management that are not covered by the centralized interface.
2.03 M Policies should be defined based on any of the following: content, sender/recipient, file characteristics, and communications protocol.
2.04 M The system should provide policies to detect and prevent insider (employee) data theft.
2.05 M The Solution should allow for configurable scoring of incident severity based on the amount of data exposed.
2.06 M The Solution should have predefined detection policies to cover regulations and detection best practices, including pre-defined expressions for commonly required regulations. Please provide a complete list of supported policies and regulations.
2.07 D Does your system provide pre-defined policies to identify malware threats (i.e. malware communications or malware data theft, etc.)? Please explain.
2.08 D The solution should have pre-defined policies for data sent during unusual hours.
2.09 M The solution policies should be defined once and used for both network (agentless) and agent-based discovery in a centralized management interface.

2.10 M The Solution should extract and inspect the text content of files and attachments. Please provide a complete list of supported file types for which your system can extract and inspect text content.
2.11 M The Solution should inspect metadata on files when inspecting stored content.
2.12 M The Solution should use a robust hashing algorithm or mechanism to fingerprint files in storage and being transmitted.
2.13 M The Solution should recursively inspect the contents of compressed (e.g. ZIP, TAR, RAR) archives and detect against fingerprinted content.
2.14 D Can your system deal with very large files or attachments (20MB and larger) during the detection process of fingerprinted content? What is the maximum file size the system can reliably process for confidential content detection?
2.15 D The Solution shall provide information about the false positive and false negative percentages.
2.16 M The Solution should provide ODBC connection to databases for fingerprinting.
2.17 D Does your method of detecting fingerprinted documents support detection of the same text or portions of text in different file formats? For example, if a fingerprinted document is in Microsoft Word format, will your system detect that same text that has been cut and pasted into an email directly?
2.18 M The Solution should provide the capability to fingerprint databases and use the fingerprinted hash in data leakage or discovery policies.
2.19 M The Solution should support file fingerprinting in SharePoint Online.

2.20 M The Solution should support described content detection using fully customizable rules with keywords and key phrases.
2.21 M The Solution should detect malware attempting to send data over the internet or make contact with a malicious server.
2.22 M The Solution should support detection based on a particular document type, even if the sender has changed the file extension.
2.23 M The Solution should provide the capability of detecting sensitive information within images or scanned documents (OCR engine), especially those documents sent by email.
2.24 M The Solution should support the detection of confidential data in different languages (Arabic and English).
2.25 M The solution should provide a method for fingerprinting structured data such as customer records.
2.26 M The Solution should support data discovery for Exchange Online (Office 365) using Microsoft APIs.

3 Automated Response & Enforcement


3.01 M The Solution should be capable of sending alerts by email/SMS.
3.02 M The Solution should support the ability to automatically notify senders or their managers when a policy has been violated.
3.03 M The Solution should support the ability to provide on-screen notifications to users for endpoint-based violations.
3.04 M Can the automated response actions be defined by different parameters, such as the policy violated, the severity of the incident, the number of matches found, the communications protocol used, the connected status of the endpoint? Please explain.

4 Incident Response Workflow
4.01 M The incident should include a clear indication of how the transmission or file violated policy (not just which policy was violated), including clear identification of which content motivated the match.
4.02 D Is it possible to view identity information on the sender (such as full name, manager name, business unit) and destination of the transmission (e.g., data sent to a blog, chat board, spyware site)?
4.03 D Each user in the workflow can be assigned to the remediation of a certain set of incidents.
4.04 D Is it possible to add custom attributes to incidents to correlate with custom remediation business process?
4.05 M The Solution should support industry best practices for incident response. Please explain.
4.06 D Can your system control incident access based on role and policy violated?
4.07 M Is it possible to hide forensic data (transaction data) in the incident view?

5 Access Control

5.01 M The Solution should create separate roles for technical administration of servers, user administration, policy creation and editing, incident remediation, and incident viewing for data at rest, in motion, or at the endpoint.
5.02 M The Solution should provide a method to investigate any unauthorized or irregular changes made to the system (i.e. change to user accounts, export incidents, create reports, etc.).
5.03 M The Solution should support segregation of duties based on roles/groups.

6 DLP (Endpoint)
6.01 M Bidder should list operating system environments supported by its DLP endpoint agent.
6.02 M The endpoint solution should detect/encrypt user attempts to copy confidential data to removable storage devices (e.g. USB drives, floppy, CD/DVD, etc.).
6.03 M The endpoint should have the ability to monitor/prevent the following:
a) Cut/Copy
b) Paste
c) Print Screen
d) File Access
e) Print (network and endpoint)
6.04 M The endpoint solution should provide continuous monitoring/protection of confidential data regardless of whether the user is on or off the network.
6.05 M The endpoint solution should support detection based on fingerprinting of content.
6.06 M The endpoint solution should support automatic agent updates and policy changes without requiring third party tools.
6.07 M The endpoint solution should secure the agent from end user tampering.
6.08 D The endpoint solution shall ensure that communications between agents and server are authenticated and secure.
6.09 M The agent should perform detection locally, avoiding the need to transmit data over the network.
6.10 M The agent-based scanning should continue to operate when the machine is off the network.
6.11 M The endpoint DLP solution should support monitoring and blocking of sensitive data uploads to cloud application solutions such as Dropbox and Google Drive.
6.12 M The solution should allow the administrator to take action on the endpoint agent from the console, such as change group, change server, restart, get agent logs.

7 DLP (Network, Email, Web)
7.01 M The solution should monitor and enforce without adding latency or failure points to the network.
7.02 M The Solution should monitor web traffic, including web mail, web postings, and other protocols using HTTP and HTTPS, including uploaded files.
7.03 M The solution should monitor/prevent network printing of confidential information.
7.04 M The Solution should be capable of monitoring/blocking both active and passive FTP traffic.
7.05 M The Solution should monitor and prevent transferring confidential data through the remote desktop protocol, LAN Manager (LAN Man).
7.06 M The Solution should monitor/prevent instant messaging traffic. Please give examples.
7.07 M The Solution should block/encrypt outbound emails that are in violation of company policy on confidential data, with proper notification for the senders and admins.
7.08 M The solution should support content-aware blocking of network transmissions over HTTP/HTTPS natively, and provide notifications.
7.09 M The Solution should automatically quarantine and delete files which violate policy.
7.10 M The solution should use ICAP as a means to communicate with web proxies for traffic inspection.
7.11 M The Solution should monitor and block the copy of confidential data to network shares.

8 Reporting & Analytics
8.01 M The Solution should include reports for detecting high-risk or suspicious user activity.
8.02 M Does your solution include web-based favorite reports by administrator?
8.03 M Can your system generate trend reports, including summarization for different time segments and trend graphs?
8.04 M Report data should be exported to formats such as PDF or HTML.
8.05 D Reports should be graphically displayed and printed.
8.06 D Can reports be emailed directly from the UI without manual re-formatting? Can these email reports be edited if customization is required for company-specific formatting?
8.07 D Is there a "dashboard" view designed for use by executives that can combine information from data in motion (network), data at rest (storage), and data at the endpoint (endpoint) in a single view?
8.08 M Does your system come with a prepackaged set of reports? Please provide a complete list.
8.09 D The solution should have the ability to anonymize the DLP reports.
8.10 D The Solution should provide configurable risk dashboards simultaneously showing different reports from storage, network, endpoint and cloud.

9 Scanning Management
9.01 M The Solution should provide a single management interface for all scan configuration and control.
9.02 M The Solution should leave the "last accessed" attribute of scanned files unchanged so as not to disrupt enterprise backup processes.
9.03 M The Solution should support automatically scheduled, repeat scanning.
9.04 M The System should automatically limit scanning during certain configurable time windows, such as during daytime work hours.
9.05 M The Solution should support incremental scanning to reduce the volume of data to be scanned.
9.06 D Can your Solution run multiple scans in parallel?
9.07 M Scan progress should be reported centrally while scans are running.

10 General
10.01 D How long can logs be retained? Can they be saved off the system? If yes, please provide detailed information on how logs can be saved off the system.
10.02 M The Solution should support integration with a Security Incident Event Management (SIEM) tool.
10.03 M The solution should monitor/protect the information (emails, calendar events, etc.) synchronized to user’s mobile devices when they connect to the network.
10.04 M The Solution should support automatic discovery of new endpoints and push the DLP agent with the default protection policies.
10.05 M Bidder should provide detailed product manuals & brochures for all the equipment at the time of delivery.
10.06 M The solution should easily scale to accommodate organization growth and the decision to expand DLP detection capabilities.
10.07 M The proposed solution must be able to enforce on Microsoft ActiveSync without the need for 3rd party licensing to enable.

Comments (Brief description on HOW your solution supports the requirement)
