Modifying protection policy

To modify an existing protection policy:

1. Open Application Data Protection.

2. In the left pane, click Protection Policies. The list of protection policies is displayed.

3. Click the protection policy that you want to update. The <Protection Policy-name> screen shows the policy details.

4. Modify the policy details. You can modify the following fields:

   • Algorithm

   • Key

   • Character Set

   • Access Policy

   • Masking Format

   • Tweak Algorithm (if applicable)

   • Tweak (if applicable)

   • IV (if applicable)

   Caution

   In CipherTrust Manager 2.13 and lower versions, the linking of protection policy to access policy was not available. When upgrading to CipherTrust Manager 2.14, it is mandatory to link the access policy to protection policy. To do so, edit the protection policy and select the desired access policy from the available options. If access policy doesn't exist, create a new.

5. Click Update. A message stating, Protection Policy updated successfully is displayed and the version of policy is incremented. The updated policy is automatically received in client's environment after heartbeat interval.

Modify policy with legacy formats

While modifying an existing protection policy, if it contains any of the following algorithms, the CipherTrust Manager will automatically map the old algorithm to the equivalent algorithm and character set.

• FPE/AES/CARD10

• FPE/AES/CARD26

• FPE/AES/CARD62

• FPE/AES/UNICODE

• FPE/FF1v2/CARD10

• FPE/FF1v2/CARD26

• FPE/FF1v2/CARD62

• FPE/FF1v2/ASCII

• FPE/FF1v2/UNICODE

• FPE/FF3/CARD10

• FPE/FF3/CARD26

• FPE/FF3/CARD62

• FPE/FF3/ASCII

The following table shows the mapping of legacy formats (algorithm + character set) to their equivalent algorithm and character set.