Trustmark Definition Name | Version |
---|---|
Defines conformance and assessment criteria for verifying that an organization employs automated mechanisms at an organization-defined frequency to determine the state of information system components with regard to flaw remediation. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization installs organization-defined security-relevant software and firmware updates automatically to organization-defined information system components. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization centrally manages the flaw remediation process. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization removes organization-defined software and firmware components after updated versions have been installed. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization measures the time between flaw identification and flaw remediation; and establishes organization-defined benchmarks for taking corrective actions. | 1.0 |
Defines conformance and assessment criteria for verifying that the organization has formal information security event reporting and escalation procedures in place. | 1.0 |
Addresses formatting requirements for electronic facial images collected during identity proofing for PKI card issuance. | 1.0 |
Addresses formatting requirements for electronic fingerprints collected during identity proofing for PKI card issuance. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for forwarding of security incident information as related to overall incident response requirements. | 1.0 |
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 7(4). | 1.0 |
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 15(1). | 1.0 |
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 17(1). | 1.0 |
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 21(2). | 1.0 |
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 21(1). | 1.0 |
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 16. | 1.0 |
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 18(1). | 1.0 |
Defines conformance and assessment criteria for verifying that an organization, if assigned a P (limited access) ORI, does NOT permit the use of the full access ORI of another agency to conduct any inquiry transactions. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for generation of audit records as related to overall audit and accountability requirements. | 1.0 |
Addresses the requirement for the generation of new keys following the loss or compromise of PKI Certificate Authority signing keys. | 1.0 |
Addresses acceptable key generation parameters for use with PKI. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization develops operational privacy policies that govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization develops operational privacy procedures that govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization disseminates operational privacy policies that govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization disseminates operational privacy procedures that govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization implements operational privacy policies that govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII. | 1.0 |