Help Center
News
Help Center
News
Popular
Architecture and High-level Information
Scans
Agents
How to Use Dashboards
How to Use Data Asset Inventory
How to Install\Uninstall and Set Up Spirion Sensitive Data Platform
How to Use Logs
How to Manage Users and Roles
Reports
Settings and Resources
Additional Resources
Glossary of TermsRabbitMQ LogsHow to Remove All RabbitMQ and Erlang Artifacts from Previous Installations (v13-v13.5)Service Task Type 10Can a Spirion Agent be set to run as "low priority"?Tips: How can I monitor pagefile usage during a scan?Tips: What are the Best Practices to Optimize Memory Usage During Scans?Tips: How does Despeckle interact with other OCR settings like Deskew?Tips: How to find the Outlook Folder GUIDs to use?Tips: How do I handle permission issues with Folder GUID scanning?Tips: What are common errors when Folder GUID permissions are insufficient?Tips: How to automate retrieving Folder GUIDs for multiple usersWhat permissions are needed for service accounts scanning GUIDs?What are the risks of scanning Email (Exchange) Public Folders in large organizations?Can I scan both Cached and Online Exchange Stores simultaneously?Tips: What are best practices for scanning large (Exchange) mailboxes?Tips: What are the Best Ways to Handle Duplicate Results from Scans of (Email) Public Folders?What are common mistakes when configuring Global Ignore Lists?Tips: How does scanning Online Archives affect scan duration?How can I optimize scan policies for Online Archives?What does a report for health information look like?How do I customize data types in the health information report?How do I test my custom RegEx before deployment?How to Install and Set Up the PostgreSQL ClientWhat Common File Types are Supported?Test Data for Local Spirion ClientWhat Version is My Spirion Sensitive Data Platform?What is Residual Data and Why is it Important?
FERPA
CCPA
CMMC
How does Agent-side Redaction of CMMC Data Work?Are There RegEx Examples of Common CMMC Data Types?
HIPAA
Release Notes
Reporting API
Customer Support Articles

Are There RegEx Examples of Common CMMC Data Types?

When building custom Data Types for CMMC (Cybersecurity Maturity Model Certification), your Regex should focus on the specific identifiers used in government contracting, defense manufacturing, and export control.

Below are examples of Regex patterns for common CUI (Controlled Unclassified Information) categories.

1. CUI Marking Identifiers

CMMC requires the identification of files explicitly marked as CUI. While keywords are common, Regex can find standardized marking strings.

  • Pattern: \bCUI\/\/[A-Z0-7\s\/]+\b
  • What it finds: Standardized CUI banners like the following: CUI//SP-ITAR or CUI//BASIC.
  • Tip: Use this as an "Anchor" in an SDD to find any file that has been officially marked by a government agency.

2. ITAR / Export Control Numbers

Technical data subject to ITAR often carries specific license or category numbers.

  • Pattern: \b(ITAR|EAR)\s?Category\s?[I-X]{1,3}\b
  • What it finds: References to specific export categories, such as ITAR Category IV or EAR Category II.
  • Tip: This is highly effective for identifying technical manuals and engineering specifications that must remain within a US-only enclave.

3. National Stock Numbers (NSN)

If you manufacture parts for the DoD, your files likely contain 13-digit National Stock Numbers.

  • Pattern: \b\d{4}-\d{2}-\d{3}-\d{4}\b
  • What it finds: Standardized NSNs like 5962-01-345-6789.
  • Tip: NSNs are often public, so link this Regex to a Keyword List (for example, "Proprietary" or "CUI") in an SDD to reduce false positives from public catalogs.

4. Commercial and Government Entity (CAGE) Codes

CAGE codes are unique identifiers for federal contractors.

  • Pattern: \b[0-9A-Z]{5}\b
  • What it finds: 5-character codes like 1AB23.
  • Tip: Because this is a simple 5-character string, it causes many false positives. Always use this with a Proximity Rule requiring the word "CAGE" or "Entity" to be within 20 characters.

5. Distribution Statements

DoD technical documents must carry a Distribution Statement (A through F).

  • Pattern: \bDistribution\sStatement\s[A-F]\b
  • What it finds: Strings like Distribution Statement B or Distribution Statement D.
  • Tip: Statements B through F generally indicate CUI. You can use this Regex to trigger an automated Classification playbook that labels the file as "Restricted."

6. Federal Contract Numbers (PIID)

The Procurement Instrument Identifier (PIID) is the unique number assigned to a federal contract.

  • Pattern: \b[A-Z0-9]{4,6}-[0-9]{2}-[A-Z]-[0-9]{4}\b
  • What it finds: Standard contract formats like N00014-21-C-1234.
  • SME Tip: This is the "Gold Standard" for CMMC discovery. Finding a contract number on an unauthorized device is a clear indicator of a CUI spill.

How to Implement These in Spirion Sensitive Data Platform

  1. Create the Data Type: Go to Configuration > Data Types > Add Regex.
  2. Add Validation: For patterns like NSNs, ensure you use the \b (word boundary) to prevent the Regex from matching a random string of numbers inside a larger block.
  3. Combine into an SDD:
    • Example: Create an SDD called CMMC_Contract_File.
    • Logic: Match if Regex (Contract Number) is within 50 characters of Keyword (Confidential).
  5. Enable Redaction: In your Agent Policy, ensure these new Regex types are set to Partial Redaction (for example, N00014-XX-X-XXXX) so you can identify the contract without creating a data spill in the console.

Summary Table

Data Category

Regex Pattern

Use Case

CUI Banners

\bCUI\/\/[A-Z0-7\s\/]+\b

Finding officially marked docs

Stock Numbers

\b\d{4}-\d{2}-\d{3}-\d{4}\b

Defense manufacturing parts

Contract IDs

\b[A-Z0-9]{4,6}-[0-9]{2}-[A-Z]-[0-9]{4}\b

Identifying specific CUI projects

Dist. Statements

\bDistribution\sStatement\s[A-F]\b

Access control & labeling

Was this article helpful?

Powered by Product Fruits