In Version 21.2 of FileCloud, the Compliance Dashboard only covers ITAR regulations. In future builds, more regulations will be covered.
The Compliance Center enables you to check which regulatory requirements your system meets and which it fails to meet. It also provides information explaining why you haven't met certain requirements, and enables you to configure compliance settings.
The Compliance Center
To open the Compliance Center, in the navigation panel, click Compliance Center.
The Overview tab
The Compliance Center opens to the Overview tab. This tab lists your enabled configurations (the only configuration currently is ITAR) and recent compliance events.
In the image below, the box under Enabled Configurations displays an ITAR icon and a slider that indicates that ITAR compliance is enabled. The box also indicates that 8 of the 14 compliance rules are being evaluated and that two of the rules failed the last evaluation.
The ITAR Tab
The ITAR tab lists the rules for the regulation and whether the system is compliant with each rule or has issues.
You can enable or disable each rule, change the settings that are evaluated, and manually mark a rule as compliant in this tab.
Hover over the description under FileCloud Configuration for more details about how to configure the rule's setting. For even more information, click the row's information icon.
If Status indicates that there are issues, click the warning icon to see details of the issue.
How to set up and check compliance
Follow these steps to enable and configure compliance checking and review your compliance status.
1) Enable ITAR compliance checking
- In the Admin portal's navigation panel, click Compliance Center. The Compliance Center opens to the Overview tab.
- Under Enabled Configurations, click the slider for ITAR compliance.
- Click the ITAR tab, and click the slider at the top of the screen.
After ITAR Compliance checking has been enabled, you can enable or disable checking for each rule by toggling the slider to its right. Notice that compliance status is checked as soon as you enable the rule.
Some rules prompt you to enter settings when you enable them. See the next procedure.
When you enable a rule that has a setting that must be configured in the Compliance Center, you are prompted to enter the setting before the rule is enabled. You are not required to enter the setting, but if you do not, Status indicates there are issues.
2) Configure Compliance Settings
You can configure the compliance settings directly from the Compliance Center for any rules with an Edit icon under Actions. When you enable the rule, you are prompted to enter settings, but you are not required to enter them.
After you configure the setting, you can change it by clicking the edit icon in the row for the rule.
For many rules, you must navigate to other pages in FileCloud and configure settings. As validation, the compliance tool will verify that the settings are configured correctly when you enable the rule.
For instructions on how to configure the settings, click the Information icon in the row for the rule.
Some rules only need your verification that you are complying with them. Simply enable the rule to confirm that you have complied.
You have the option of bypassing FileCloud's compliance checking for most rules, so that whether or not the rule would be considered compliant by FileCloud's verification process, Status will display BYPASSED with a green check.
Note that you cannot bypass rules that only require you to enable them to make them compliant, as there is no validation to bypass.
To bypass a rule, enable it, then click the Information icon, and check Bypass check for this rule and mark as passed.
3) Run compliance checks
FileCloud automatically checks a rule for compliance when it is enabled and rechecks compliance for all rules in ITAR once per day. If you make changes in your system or want to make sure you have the most recent check, you can manually run a compliance check.
To manually run a compliance check, in the tab for the compliance, click Refresh All.
4) Review compliance status
Review your compliance status regularly to make sure all of your rules remain compliant.
You can view a summary of the number of rules you have enabled for checking, and how many of them failed or were bypassed on the Overview tab or at the top of the ITAR tab.
On the ITAR tab, you can review whether each enabled rule's compliance check was OK, had issues, or was bypassed by viewing its Status.
If the Status column for a rule displays Issues and an error icon, click on the status to view information about the problem.
For basic information on how to comply with a rule, hover over the description under FileCloud Configuration. For more specific instructions, click the Information icon in the row for the rule. To see the text of the rule in the Code of Federal Regulations, click the rule number.
|Rule (click to see text)||Description||Steps for complying||Validation|
|120.6||Identify which documents are defense articles.||In the Compliance Center, click the Edit button for the rule, and select a metadata set with a tag that identifies defense articles.||If the metadata set exists and is enabled, status is OK; if not, status is Issues.|
|120.10||Identify which files contain technical data.||In the Compliance Center, click the Edit button for the rule, and select a metadata set with a tag that identifies technical data. (To carry out compliance, you must use smart classification to apply the metadata tag to technical data.)||If the metadata set exists and is enabled, status is OK; if not, status is Issues.|
|120.13||Only allow access to the system from within the US.||In the Compliance Center, click the Edit button for the rule, and select a DLP rule that blocks users from logging in from outside locations. Only DLP rules for the LOGIN action are available for selection.||If the DLP rule exists and is enabled, status is OK; if not, or if modifications to the rule allow log in from outside the US, status is Issues.|
|120.15||Only allow US residents to access the system.||Enabling the rule to confirm that your system checks if all users are US residents is all that is necessary to pass the compliance check.||None|
|120.17||Do not permit public sharing.|| ||If the DLP rule exists and is enabled and there are no existing public shares, status is OK; if not, or if modifications to the rule allow public shares, status is Issues.|
|120.25||Allow at least one user access to the Compliance system.|| ||If one or more Admin users have access to the Compliance Center, status is OK; if not, status is Issues.|
|120.50||Prevent unauthorized access to data by non-US residents.||Install FileCloud with an enterprise license or a license that includes a Digital Rights Management (DRM) component.||If a proper license is installed, status is OK; if not, status is Issues.|
|120.54(2)(3)||Prevent data from being shared with non-US entities.||Remove any existing public shares or change them to private.||If any public shares exist, status is Issues.|
|120.54(5)||Confirm that data is only transferred between US entities.|| ||If HTTPS is not used, storage is not fully encrypted, or any existing files are not fully encrypted, status is Issues.|
|120.55||Keep decryption methods secure.||Enabling the rule to confirm that decryption keys are kept confidential in your system is all that is necessary to pass the compliance check.||None.|
|123.1||Ensure that proper permission is given if data is shared with non-US entities.|| ||If Set Share Mode is Allow All Shares or any public shares exist, status is Issues.|
|123.26||Maintain records of all data shared with non-US entities.||In the Admin portal, go to Settings > Admin and set the Audit Logging Level to FULL.||If Audit Logging Level is set to OFF or REQUEST, status is Issues.|
|126.1||Deny access to the system by prohibited countries.||In the row for the rule in the Compliance Center, click the Edit button and select a DLP rule that blocks users from logging in from those countries. Only DLP rules for the LOGIN action are available for selection.||If the DLP rule exists and is enabled, status is OK; if not, or if modifications to the rule allow log in from those countries, status is Issues.|
|127.1||Confirm that reports of violations of compliance rules can be exported.||Enabling the rule to confirm that there is functionality to export reports of compliance rule violations from this page is all that is necessary to pass the compliance check.||None|
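The Status behaviour described above (the Validation column, attestation-only rules, and bypass), modeled as an added Python example; it is not FileCloud's code, and the snapshot keys and function names are hypothetical. It covers three of the validated rules and lists bypassed rules whose underlying check would still show Issues, which is what a periodic review of bypasses should look for.

```python
# Added illustration, not FileCloud code: a model of the Status logic that the
# table's Validation column and the bypass paragraph describe.
# All key and function names are hypothetical.

ATTESTATION_ONLY = {"120.15", "120.55", "127.1"}  # Validation column says None

# Validation for three of the rules, as worded in the table.
CHECKS = {
    "120.54(2)(3)": lambda s: s["public_shares"] == 0,
    "123.1": lambda s: s["share_mode"] != "Allow All Shares"
                       and s["public_shares"] == 0,
    "123.26": lambda s: s["audit_logging_level"] not in ("OFF", "REQUEST"),
}

def rule_status(rule, enabled, bypassed, snapshot):
    """Return (displayed, underlying) status, or (None, None) if disabled."""
    if not enabled:
        return (None, None)
    if rule in ATTESTATION_ONLY:
        if bypassed:
            raise ValueError(f"{rule}: no validation to bypass")
        return ("OK", "OK")  # enabling the rule is the confirmation
    underlying = "OK" if CHECKS[rule](snapshot) else "Issues"
    return ("BYPASSED" if bypassed else underlying, underlying)

def summarize(rules, snapshot):
    """Counts like the Overview summary, plus bypasses that hide a failure."""
    out = {"enabled": 0, "failed": 0, "bypassed": 0, "masked": []}
    for rule, enabled, bypassed in rules:
        shown, underlying = rule_status(rule, enabled, bypassed, snapshot)
        if shown is None:
            continue
        out["enabled"] += 1
        out["failed"] += shown == "Issues"
        out["bypassed"] += shown == "BYPASSED"
        if shown == "BYPASSED" and underlying == "Issues":
            out["masked"].append(rule)
    return out

# Constructed sample state (not exported from a real system).
SNAPSHOT = {"public_shares": 2, "share_mode": "Allow All Shares",
            "audit_logging_level": "REQUEST"}
RULES = [("120.15", True, False), ("120.54(2)(3)", True, True),
         ("123.1", True, False), ("123.26", False, False),
         ("127.1", True, False)]

if __name__ == "__main__":
    print(summarize(RULES, SNAPSHOT))
```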