We have deployed McAfee DLP 9.0 and recently upgraded it to 9.1 release. My customer here has two critical issues that need to be addressed regarding their policies 1) Customer has opted for Manual Tagging in their environment. Person A from department 1 and Person B from department 2 are given rights for manual tagging. If a person A department 1 manually tags a file, is there a way to block Person B department 2 from untagging the file? (keep in mind Person B also has manual tagging rights?) Is there a way to keep different tags for different departments because so far as per our understanding, once a person has manual tagging rights, all tags are available to him. 2- If a manually tagged file is tagged/untagged, there is no evidence created or generated for it. Is there a way to make that happen?
The answer to all your questions is no.
If manual tagging is enabled a user can see all the tags and add or remove them.