Trustmark Definition Name | Version |
---|---|
Defines conformance and assessment criteria for verifying that an organization updates privacy procedures at an organization-defined frequency, at least biennially. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization allocates sufficient budget and staffing resources to implement and operate the organization-wide privacy program. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization appoints a Senior Agency Official for Privacy (SAOP)/Chief Privacy Officer (CPO) accountable for developing an organization-wide governance and privacy program to ensure compliance with all applicable laws and regulations regarding the collection, use, maintenance, sharing, and disposal of personally identifiable information (PII) by programs and information systems. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization appoints a Senior Agency Official for Privacy (SAOP)/Chief Privacy Officer (CPO) accountable for implementing an organization-wide governance and privacy program to ensure compliance with all applicable laws and regulations regarding the collection, use, maintenance, sharing, and disposal of personally identifiable information (PII) by programs and information systems. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization appoints a Senior Agency Official for Privacy (SAOP)/Chief Privacy Officer (CPO) accountable for maintaining an organization-wide governance and privacy program to ensure compliance with all applicable laws and regulations regarding the collection, use, maintenance, sharing, and disposal of personally identifiable information (PII) by programs and information systems. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for granular, mappable audit time stamps as related to overall audit and accountability requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for group and role authenticator changes as related to overall identification and authentication requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for group and role membership as related to overall access control requirements. | 1.0 |
This Trustmark Definition addresses requirements for organizations to document their procedures for handling PKI records archive information. | 1.0 |
Addresses requirements for PKI Hardware certificates to indicate the lack of any organization affiliation. | 1.0 |
Addresses requirements for PKI Hardware certificates to indicate organization affiliation. | 1.0 |
Addresses requirements for PKI Content Signing certificates indicating the organization administering the CMS. | 1.0 |
Addresses the requirement that only hardware related to the operation of a PKI Certificate Authority is installed. | 1.0 |
Addresses requirements for PKI Card Authentication subscriber certificates to prohibit the use of the subscriber common name. | 1.0 |
Addresses the requirement for hardware updates to be purchased or developed in the same manner as original equipment. | 1.0 |
Addresses the requirement for hardware updates to be installed by trusted and trained personnel in a defined manner. | 1.0 |
Specifies that a covered entity must have policies and procedures to mitigate, to the extent practicable, any harmful effect that is known to the covered entity of a use or disclosure of protected health information. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs a diverse set of information technologies for organization-defined information system components in the implementation of the information system. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs virtualization techniques to support the deployment of a diversity of operating systems and applications that are changed at an organization-defined frequency. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system includes components that proactively seek to identify malicious websites and/or web-based malicious code. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system includes components specifically designed to be the target of malicious attacks for the purpose of detecting, deflecting, and analyzing such attacks. | 1.0 |
Credential Service Providers must send notice to an applicant's confirmed address regarding their identity proofing. This notice may include an expiring enrollment code used to bind an authenticator to the applicant. | 1.0 |
Credential Service Providers must send an enrollment code to a confirmed address for the applicant, and this enrollment code must be used to complete the identity proofing process. Additionally, the CSP must send a notice to a different confirmed address for the applicant notifying them of the identity proofing process. | 1.0 |
Credential Service Providers engaging in high assurance identity proofing must confirm the address of record for the applicant. | 1.0 |
Credential Service Providers must confirm the applicant's address with authoritative sources and/or valid identity evidence. Self-asserted address data must be confirmed. This applies to both physical and digital addresses. | 1.0 |