XRule: Search for Personally Identifiable Information

Use the Search for Personally Identifiable Information rule to search for the presence of form control names in an HTML-based document on your website that might indicate that the form is requesting Personally Identifiable Information.

The text fields in the template XRules all accept regular expressions as long as they are preceded by regexp:. They do not accept DOS expressions.

Page element Description
Name The name assigned to the XRule.
Description (optional) Describe the purpose of the XRule so that users can understand what it is searching for.
Report the forms that contain these control names Enter the text that must be found within the form control name and click Add. Use plain text or regular expressions (prefix with regexp:).
Control name Displays existing control names that the scan job will search for when the scan runs. If you do not want certain control names searched for, select them and click Remove.
The number of form control names that must match to report the form The default is 1.
Ignore these URLs Enter the URL that contains forms you want to exclude from the scan.
URL Displays existing URLs that contain forms that the scan job will scan. If you do not want certain URLs to be scanned for control names, select them and click Remove.
Ignore these forms Enter the name of the form you want the scan job to exclude when it runs a scan. This option is useful when there are forms you do not care about. Using this option can give you more accurate results.
Note: When you use this option, no PII information about the form will be recorded in the database.
Form name Displays existing forms that the scan job will scan for the control names listed in the Control Name list. If you do not want certain forms to be scanned for control names, select them and click Remove.
Ignore forms with these control names Enter the name of a form you want the scan job to exclude when it runs a scan. This option is useful when you have forms that do not have a name, but you want to exclude them from the scan based on the control name. Using this option can give you more accurate results.
Note: When you use this option, no PII information about the form will not be recorded in the database.
Control name Displays existing controls that will scan for when the scan runs. If you do not want certain controls to be scanned, select them and click Remove.
Only enable XRule if it is required by a job or a report Make this rule run only when it is required by a job or report. This method is the most efficient way to use an XRule. XRules that are unnecessarily run increase the time it takes to scan your site or generate report packs.
Always enable XRule Have the XRule run whenever the job runs. This method is the least efficient way to use an XRule.
Always disable XRule Disable the XRule from a job or report. The rule will never be run, even if it is required. You must disable the XRule when it causes problems with the job, such as a scan continuing indefinitely.