Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=email-content-control-lists

Content Control Lists

A Content Control List (CCL) helps you find sensitive information in emails, such as credit card numbers, social security numbers (SSNs), personally identifiable information (PII), or combinations of data types across various documents.

Show me how to add a Data Control policy with a custom CCL

Show me how to configure a Data Control policy with a custom CCL

For more information on CCLs, see Content Control Lists: Frequently Asked Questions.

The key steps to configure your CCLs are as follows:

Select a Content Control List

In the Region column, you can select from the predefined templates we've provided to fit your needs. These templates are designed to match common types of sensitive data and let you filter the CCL list based on region or content type.

Selecting Content Control Lists.

To view the details of a CCL, hover over the Information icon Information icon. next to a CCL. We've added tooltip information that thoroughly explains how the CCL works, its expected format, and how it'll be applied to emails.

In the Choose content control lists table, you can do the following actions:

  • Use Selected CCLs to select or deselect CCLs from the list that are currently selected. Use All CCLs to select or deselect CCLs from the complete list of available CCLs. Switching between these options helps you manage CCLs based on your needs.
  • Use the region drop-down list to filter CCLs by countries or geographical regions. The drop-down list helps to narrow down CCLs specific to your location.
  • Use the type drop-down list to filter CCLs by content types, such as bank account numbers or health-related information. The drop-down list helps you find the most relevant CCLs for your needs.
  • Use the search box to find specific CCLs by entering keywords or part of the list name.

Configure number of matches

In the Number of matches column, we don't recommend changing the default value of any CCL. This setting controls how many times a match for the regular expression must be found before the CCL rule is triggered. Change this setting only if you fully understand the implications of your change.

Here's how the number affects the rule:

  • A higher number of matches makes the rule stricter and results in fewer false positives.
  • A lower number of matches makes the rule more sensitive and results in fewer false negatives.

For example, if the default value is 10, increasing it to 11 makes the CCL match stricter, while decreasing it to 9 makes the CCL match more lenient. We don't recommend changing the default value, unless you accept the risk due to the strictness or leniency of your rule.

"Number of matches" column.

Next, you can configure the rule to trigger based on the number of CCL matches found within the email content. See Trigger rule by number of CCL matches.

Trigger rule by number of CCL matches

The Trigger this rule by number of CCL matches setting lets you fine-tune when the Data Control rule is triggered, either when a specific number of CCLs match or when all CCLs match.

You can choose how to trigger the rule as follows:

  • Trigger by Number of Matches: Enter the number of CCL matches required to trigger the rule.

    This option allows you to set the rule to trigger when a specific number of CCL matches are found in the email content.

    For example, if you set the number of matches to 2, the rule only triggers when two out of three specific CCL patterns in the email match.

  • Trigger by All CCL Matches: Select All the CCLs must match.

    This option triggers the rule only when every defined pattern or condition within the CCL is met. All CCL matches must be found for the rule to trigger.

"Trigger this rule by number of CCL matches" setting.

Configure search locations

When you set up a Data Control policy, you need to specify where to search for keywords or CCL matches within the email content. In Search in, you can select one or more locations to scan.

The available search locations are as follows:

  • Subject: The system looks for keywords or CCL matches within the email's subject line.
  • Body: The system scans the main body of the email.
  • Attachment Name: The system checks the file name of any attachments.
  • Attachment Content: The system inspects the actual content of attached files, such as PDFs or Word documents.

You can select any combination of these locations to customize your search. For example, you may search only the body and attachment file content but exclude the subject line.

Search locations.