Trustmark Definition Name | Version |
---|---|
Defines conformance and assessment criteria for compliance with minimum security requirements for flaw remediation incorporated into configuration management process as related to overall system and information integrity requirements. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs automated mechanisms at an organization-defined frequency to determine the state of information system components with regard to flaw remediation. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization installs organization-defined security-relevant software and firmware updates automatically to organization-defined information system components. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization centrally manages the flaw remediation process. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization removes organization-defined software and firmware components after updated versions have been installed. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization measures the time between flaw identification and flaw remediation; and establishes organization-defined benchmarks for taking corrective actions. | 1.0 |
Defines conformance and assessment criteria for verifying that the organization has formal information security event reporting and escalation procedures in place. | 1.0 |
Addresses formatting requirements for electronic facial images collected during identity proofing for PKI card issuance. | 1.0 |
Addresses formatting requirements for electronic fingerprints collected during identity proofing for PKI card issuance. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for forwarding of security incident information as related to overall incident response requirements. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization, if assigned a P (limited access) ORI, does NOT permit the use of the full access ORI of another agency to conduct any inquiry transactions. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for generation of audit records as related to overall audit and accountability requirements. | 1.0 |
Addresses the requirement for the generation of new keys following the loss or compromise of PKI Certificate Authority signing keys. | 1.0 |
Addresses acceptable key generation parameters for use with PKI. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization develops operational privacy policies that govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization develops operational privacy procedures that govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization disseminates operational privacy policies that govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization disseminates operational privacy procedures that govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization implements operational privacy policies that govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization implements operational privacy procedures that govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization monitors federal privacy laws and policy for changes that affect its privacy program. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization monitors applicable privacy laws and policy for changes that affect its privacy program. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization develops a strategic organizational privacy plan for implementing applicable privacy controls, policies, and procedures. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization updates the strategic organizational privacy plan at an organization-defined frequency, at least biennially. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization updates privacy policies at an organization-defined frequency, at least biennially. | 1.0 |