All,
I know this is not the anser you are all looking for...
Just as a side note.. if you get push back from auditors or anyone on the storage of SSN or CCN's in the DLP DB.. let them know the following.
The Oracle DB that DLP uses is following the PCI requirements for the storage of that data. Meaning that the DB is encrypted and the information that is within the DB cannot be accesses except through the DLP console. The DLP console has user based roles and access restrictions which will limit the view and access to the data stored within the DB.
The CCN or SSN data can be purged from the system after the incident is reviewed or deemed as not necessary to store the attachments or transmission payload. This will eliminate the risk of continaully storing the data, This needs to be part of a remedeation process to purge data on a regular basis.
Also as mentioned you can create roles to BLOCK the viewing of data/attachments/body of the incidents. Though in most cases you need to have this information in order to do some sort of review.
This might help remove concerns on the storage of information.
Thanks
Ronak
PLEASE MARKED SOLVED WHERE POSSIBLE