Deployment Guide › Client Agents: File and Print › Deploy the CFSA › Which Policies Are Applied?

Which Policies Are Applied?

The CFSA applies both machine policy and user policy when assessing whether to allow files to be copied to removable devices or network locations.

• Machine policy: This is always the policy for the machine hosting the CFSA. The host machine inherits this policy from the common client policy (see the Administration console online help; search the index for ‘common client policy’), though you can customize policy for individual client machines.
• User policy: When applying Data In Motion triggers to files being copied to removable devices or network locations, the CFSA always applies the user policy for the CA DLP user currently logged onto the agent machine.

  When applying Data At Rest triggers during a file scan, the CFSA always applies the user policy specified by the Default Policy for Data At Rest setting, itself defined in the machine policy.

To quickly roll out the CFSA across multiple client machines, you need to edit the common client policy and the default user policy (or the policy for an appropriate user group). This will ensure that the relevant policy settings replicate down to your end-users and their respective client machines as soon as possible. Of course, you can still customize the policies for individual machines and users as necessary.

More information:

Data At Rest Protection Folder