Environment
Reflection 2014
Reflection for IBM 2014
Reflection for UNIX and OpenVMS 2014
Reflection for IBM 2011 R2 or higher
Reflection for UNIX and OpenVMS 2011 R2 or higher
Reflection Standard Suite 2011 R2 or higher
Situation
This technical note describes how to include the regular expressions provided in the Reflection Desktop, Reflection 2014, and Reflection 2011 R2 and R3 interface for Custom Detection Rules and Custom Exception Expressions in your Group Policy object.
Before you can configure Payment Card Industry Data Security Standards (PCI DSS) with Group Policy, you need to copy the required files as described in the “To set up Information Privacy with Group Policy” topic in the deployment guide for your version:
- Reflection Desktop 17 Deployment Guide: https://www.microfocus.com/documentation/reflection-desktop/17-0/deployment-guide/set-up-information-privacy.htm
- Reflection Desktop 16 Deployment Guide: https://www.attachmate.com/documentation/reflection-desktop-v16/deployment-guide/data/t_33091.htm
- Reflection 2014 Deployment Guide: https://docs.attachmate.com/reflection/2014/r1/deploymentguide.pdf#page=
- Reflection 2011 Deployment Guide: https://docs.attachmate.com/reflection/2011/r2/deploy/deploymentguide.pdf#page=
Resolution
Add Expressions for the Define Additional PAN (Primary Account Number) Matching Rules Setting
- In the Group Policy editor, open the Information Privacy settings.
- Select "Define additional PAN matching rules" and then click "Edit policy setting."
- In the Define additional PAN matching rules dialog box, select Enabled.
- Click "Show…" to open the Show Contents dialog box for "Matching rules:" where you can enter the regular expressions.
- Copy the regular expressions you want to add to the Value list.
Detection Rules:
Description | Expression
16 digit Visa | ^4\d{15}$
16 digit MasterCard | ^5[1-5]\d{14}$
15 digit American Express | ^3[47]\d{13}$
16 digit Discover | ^6(?:011|5[0-9]{2})\d{12}$
14 digit Diner’s Club | (^(30)[0-5]\d{11}$)|(^(36)\d{12}$)|(^(38[0-8])\d{11}$)
14 digit Carte Blanche | ^(389)\d{11}$
15 or 16 digit JCB (Japanese Credit Bureau) | ^(?:2131|1800|35\d{3})\d{11}$
15 digit enRoute | (^(2014)|^(2149))\d{11}$
15 digit Voyager | ^8699\d{11}$
Note: You can copy only the expressions into the Value list. You cannot copy the descriptions.
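Before pasting the detection expressions into the Value list, it helps to confirm what each one accepts on its own. The following PowerShell check is an added example, not vendor code: the function name `Get-PanRuleMatch` and the digit strings are constructed for illustration, and it assumes the expressions are evaluated by the .NET regular-expression engine with default options.

```powershell
# Added example (not vendor code). Expressions are copied from the Detection Rules table.
$rules = [ordered]@{
    '16 digit Visa'             = '^4\d{15}$'
    '16 digit MasterCard'       = '^5[1-5]\d{14}$'
    '15 digit American Express' = '^3[47]\d{13}$'
    '16 digit Discover'         = '^6(?:011|5[0-9]{2})\d{12}$'
    '14 digit Diners Club'      = '(^(30)[0-5]\d{11}$)|(^(36)\d{12}$)|(^(38[0-8])\d{11}$)'
    '14 digit Carte Blanche'    = '^(389)\d{11}$'
    '15 or 16 digit JCB'        = '^(?:2131|1800|35\d{3})\d{11}$'
    '15 digit enRoute'          = '(^(2014)|^(2149))\d{11}$'
    '15 digit Voyager'          = '^8699\d{11}$'
}

# Constructed candidates: an issuer prefix padded with zeros to the stated length.
$samples = @(
    ('4'    + ('0' * 15))
    ('51'   + ('0' * 14))
    ('34'   + ('0' * 13))
    ('6011' + ('0' * 12))
    ('36'   + ('0' * 12))
    ('389'  + ('0' * 11))
    ('35'   + ('0' * 14))
    ('2014' + ('0' * 11))
    ('8699' + ('0' * 11))
    ('4'    + ('0' * 12))      # only 13 digits
    '4000 0000 0000 0000'      # digits grouped with spaces
    ('9'    + ('0' * 15))      # prefix not covered by any rule
)

# Hypothetical helper: returns the description of every rule that matches the candidate.
function Get-PanRuleMatch {
    param([string]$Candidate, [System.Collections.IDictionary]$Rules)
    foreach ($name in $Rules.Keys) {
        if ([regex]::IsMatch($Candidate, $Rules[$name])) { $name }
    }
}

$report = foreach ($s in $samples) {
    $hits = @(Get-PanRuleMatch -Candidate $s -Rules $rules)
    [pscustomobject]@{
        Candidate = $s
        Length    = $s.Length
        MatchedBy = if ($hits.Count -gt 0) { $hits -join '; ' } else { '(no rule)' }
    }
}
$report | Format-Table -AutoSize
```

The 13-digit and space-grouped candidates are included because every expression in the table is anchored with `^` and `$`, so it accepts only a contiguous digit string of the stated length.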
Add Expressions for PAN Exceptions
- In the Group Policy Information Privacy window, select "Define PAN exception rules," and then click "Edit policy setting."
- In the Define PAN exception rules dialog box, select Enabled.
- Click Show to open the Show Contents dialog box for Exception rules.
- Copy the exception rule expressions you want to add to the Value list.
Description | Expression
Date pattern that has year at the end. Date separators are allowed to be hyphens or slashes. | \b[0-3]?[0-9][/\p{Pd}][0-3]?[0-9][/\p{Pd}](?:[0-9]{2})?[0-9]{2}\b
Date pattern that has 4 digit year at the beginning. | \b([0-9]{4})[/\p{Pd}](1[0-2]|0[1-9])[/\p{Pd}](3[0-1]|0[1-9]|[1-2][0-9])\b
US Social Security numbers. | \b(?!000|666)(?:[0-6][0-9]{2}|7(?:[0-6][0-9]|7[0-2]))\p{Pd}(?!00)[0-9]{2}\p{Pd}(?!0000)[0-9]{4}\b
Time format with HH:MM:SS. | \b(1[0-2]|0?[1-9]):([0-5]?[0-9]):([0-5]?[0-9])\b|\b(2[0-3]|[01]?[0-9]):([0-5]?[0-9]):([0-5]?[0-9])
Time format with HH:MM. | \b(1[0-2]|0?[1-9]):([0-5]?[0-9])\b|\b((2[0-3]|[01]?[0-9]):([0-5]?[0-9]))
Allows a currency symbol at the beginning or the end, with whitespace between the symbol and the amount. The comma or the decimal point may be either the grouping symbol or the decimal separator. | (\p{Sc}\p{Z}?(\d{1,3}([\,\.]\d{3})*|(\d+))([\.\,]\d{2})?)|((\d{1,3}([\,\.]\d{3})*|(\d+))([\.\,]\d{2})?\p{Z}?\p{Sc})
Numbers that use the comma as a thousands separator and dot as the decimal separator. Fractional parts are optional. Must include at least one thousands group. | \b[0-9]{1,3}(,[0-9]{3})+(\.[0-9]+)?\b
North American phone numbers, requiring at least the area code. This also allows an optional country code +1. Does not allow a space as a separator within the 7 digit portion. | (?:\+?1[-. ]?)?\(?\b([0-9]{3})\)?[-. ]?([0-9]{3})[-.]?([0-9]{4})\b
Percentages as a whole number with optional fractional part. Matches only if it isn't prefixed with a digit or decimal point. | (?<![\d\.])\d{1,3}(?:\.\d{1,2})?%
Floating point numbers. Optional sign, integer, and fraction. If the integer part is omitted, the fraction is mandatory. If the fraction is omitted, the decimal dot must be omitted too. Optional exponent. Alternatively, integers with a preceding positive sign are allowed. | [+\p{Pd}]?([0-9]+(\.[0-9]+)|\.[0-9]+)([eE][+\p{Pd}]?[0-9]+)?\b|[+][0-9]+\b
Canadian postal codes. First part is a negative look-ahead preventing DFIOQU anywhere in the string. [A-VXY] prevents W or Z as first character. Otherwise, alternate alpha and numeric with a space in the middle. | \b(?!.*[DFIOQU])[A-VXY][0-9][A-Z] [0-9][A-Z][0-9]\b
UK postcodes. Five to seven alphanumeric chars separated by a space. See British Standard BS7666. | \b[A-Z]{1,2}[0-9R][0-9A-Z]? [0-9][ABD-HJLNP-UW-Z]{2}\b
Dutch postcodes. Digit between 1-9, followed by 3 digits and at least one space, followed by two letters. | \b[1-9]\d{3}\ +[A-Z]{2}\b
Function key help in IBM host screens. PFxx=, Fxx= and PFxx, and x(x)=. The latter requires leading and trailing whitespace. | \bP?F[0-9]{1,2}=|\bPF[0-9]{1,2}\b|\s[0-9]{1,2}=\s
IBM file mode designator A followed by any digit within leading and trailing word boundaries. | \bA\d\b
File size designator in kilobytes, allowing for up to 2 preceding digits. | \b\d{1,2}K\b
Standalone integers, optionally followed by a decimal/period. Requires leading and trailing whitespace. | \s\d{1,2}\.?\s
Standalone integers, optionally followed by a decimal/period. Requires leading whitespace and must be the end of the input. | \s\d{1,2}\.?$
Standalone integers, optionally followed by a decimal/period. Requires trailing whitespace and must be the beginning of the input. | ^\d{1,2}\.?\s
IBM host application copyright notices that include one standalone or two comma-separated years. | Copyright IBM Corp.\s\d\d\d\d(, \d\d\d\d)?
The literal string ‘COBOL/370’ as might appear in certain IBM application screens. | COBOL/370
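Unlike the detection rules, the exception expressions are unanchored and several use Unicode category classes such as `\p{Pd}` and `\p{Sc}`, so a damaged paste may fail to compile or may match something other than intended. The following PowerShell check is an added example, not vendor code: it compiles five of the expressions above and lists what each one matches in constructed host-screen text. The function name `Find-ExceptionMatch` is hypothetical, and evaluation by the .NET regular-expression engine with default options is an assumption.

```powershell
# Added example (not vendor code). Expressions are copied from the exception table above.
$exceptions = [ordered]@{
    'Date, year at end'          = '\b[0-3]?[0-9][/\p{Pd}][0-3]?[0-9][/\p{Pd}](?:[0-9]{2})?[0-9]{2}\b'
    'US Social Security number'  = '\b(?!000|666)(?:[0-6][0-9]{2}|7(?:[0-6][0-9]|7[0-2]))\p{Pd}(?!00)[0-9]{2}\p{Pd}(?!0000)[0-9]{4}\b'
    'Currency amount'            = '(\p{Sc}\p{Z}?(\d{1,3}([\,\.]\d{3})*|(\d+))([\.\,]\d{2})?)|((\d{1,3}([\,\.]\d{3})*|(\d+))([\.\,]\d{2})?\p{Z}?\p{Sc})'
    'Thousands-separated number' = '\b[0-9]{1,3}(,[0-9]{3})+(\.[0-9]+)?\b'
    'North American phone'       = '(?:\+?1[-. ]?)?\(?\b([0-9]{3})\)?[-. ]?([0-9]{3})[-.]?([0-9]{4})\b'
}

# Constructed screen fragments; the last one is a bare 16-digit string.
$screenText = @(
    'INVOICE DATE 12/31/2014'
    'SSN 123-45-6789'
    'CALL 800-555-0100'
    'TOTAL $1,234.56'
    'ACCT 4000000000000002'
)

# Hypothetical helper: compiles each rule, warns if it is not a valid expression,
# and emits one record per match found in the text.
function Find-ExceptionMatch {
    param([string]$Text, [System.Collections.IDictionary]$Rules)
    foreach ($name in $Rules.Keys) {
        try {
            $rx = [regex]::new($Rules[$name])
        }
        catch {
            Write-Warning "Rule '$name' does not compile: $($_.Exception.Message)"
            continue
        }
        foreach ($m in $rx.Matches($Text)) {
            [pscustomobject]@{ Text = $Text; Rule = $name; Matched = $m.Value }
        }
    }
}

$screenText |
    ForEach-Object { Find-ExceptionMatch -Text $_ -Rules $exceptions } |
    Format-Table -AutoSize
```

A line of text that produces no record is not covered by any of the selected exception expressions, and a line that produces several records shows where two expressions overlap.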