| Trustmark Definition Name | Version |
|---|---|
|
Defines privacy requirements related to organizations use of sensitive information for purposes other than those specified.
|
1.0 |
|
Addresses the requirement for Executive branch agencies to follow a defined PKI records archive schedule.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an information system provides user logout capabilities.
|
1.0 |
|
Addresses requirements for protection of PKI certificate authority private keys.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization employs organization-defined security safeguards to ensure that the interests of organization-defined external service providers are consistent with and reflect organizational interests.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization establishes, documents, and maintains trust relationships with external service providers based on organization-defined security requirements, properties, factors, or conditions defining acceptable trust relationships.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization requires providers of organization-defined external information system services to identify the functions, ports, protocols, and other services required for the use of such services.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization ensures that the acquisition or outsourcing of dedicated information security services is approved by organization-defined personnel or roles.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization restricts the location of information processing, information/data, and/or information system services to organization-defined locations based on organization-defined requirements or conditions.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization conducts an organizational assessment of risk prior to the acquisition or outsourcing of dedicated information security services.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for external provider compliance with organizational security requirements as related to overall system and services acquisition requirements.
|
1.0 |
|
Specifies that a health care related organization must have policies to control and validate a person's access to facilities based on their role or function.
|
1.0 |
|
Specifies that a health care related organization must implement procedures to control and validate a person's access to facilities based on their role or function.
|
1.0 |
|
Specifies that a health care related organization must have policies that allow facility access in support of restoration of lost data under the disaster recovery plan and emergency mode operations plan in the event of an emergency.
|
1.0 |
|
Specifies that a health care related organization must establish (and implement as needed) procedures that allow facility access in support of restoration of lost data under the disaster recovery plan and emergency mode operations plan in the event of an emergency.
|
1.0 |
|
Specifies that a health care related organization must have policies to document repairs and modifications to the physical components of a facility which are related to security.
|
1.0 |
|
Specifies that a health care related organization must implement procedures to document repairs and modifications to the physical components of a facility which are related to security.
|
1.0 |
|
Specifies that a health care related organization must have policies to safeguard the facility and the equipment therein from unauthorized physical access, tampering, and theft.
|
1.0 |
|
Specifies that a health care related organization must implement policies and procedures to safeguard the facility and the equipment therein from unauthorized physical access, tampering, and theft.
|
1.0 |
|
Addresses the requirement for the last person who departs the facility to initial a sign-out sheet indicating the time and date.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with facsimile transmission security requirements.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an information system fails to an organization-defined known-state for organization-defined types of failures preserving organization-defined system state information in failure.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an information system implements organization-defined fail-safe procedures when organization-defined failure conditions occur.
|
1.0 |
|
This Trustmark Definition defines conformance and assessment criteria for compliance with minimum security requirements for audit processing failure actions as related to overall audit and accountability requirements.
|
1.0 |
|
This Trustmark Definition defines conformance and assessment criteria for an organization's PKI Card Management System (CMS) equipment to be protected at the same level of assurance as the corresponding CA equipment.
|
1.0 |
