Trustmark Definitions (1176-1200 of 3493)

Trustmark Definition Name Version
Defines conformance and assessment criteria for verifying that an organization implements operational privacy procedures that govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII.
1.0
Defines conformance and assessment criteria for verifying that an organization monitors federal privacy laws and policy for changes that affect its privacy program.
1.0
Defines conformance and assessment criteria for verifying that an organization monitors applicable privacy laws and policy for changes that affect its privacy program.
1.0
Defines conformance and assessment criteria for verifying that an organization develops a strategic organizational privacy plan for implementing applicable privacy controls, policies, and procedures.
1.0
Defines conformance and assessment criteria for verifying that an organization updates the strategic organizational privacy plan at an organization-defined frequency, at least biennially.
1.0
Defines conformance and assessment criteria for verifying that an organization updates privacy policies at an organization-defined frequency, at least biennially.
1.0
Defines conformance and assessment criteria for verifying that an organization updates privacy procedures at an organization-defined frequency, at least biennially.
1.0
Defines conformance and assessment criteria for verifying that an organization allocates sufficient budget and staffing resources to implement and operate the organization-wide privacy program.
1.0
Defines conformance and assessment criteria for verifying that an organization appoints a Senior Agency Official for Privacy (SAOP)/Chief Privacy Officer (CPO) accountable for developing an organization-wide governance and privacy program to ensure compliance with all applicable laws and regulations regarding the collection, use, maintenance, sharing, and disposal of personally identifiable information (PII) by programs and information systems.
1.0
Defines conformance and assessment criteria for verifying that an organization appoints a Senior Agency Official for Privacy (SAOP)/Chief Privacy Officer (CPO) accountable for implementing an organization-wide governance and privacy program to ensure compliance with all applicable laws and regulations regarding the collection, use, maintenance, sharing, and disposal of personally identifiable information (PII) by programs and information systems.
1.0
Defines conformance and assessment criteria for verifying that an organization appoints a Senior Agency Official for Privacy (SAOP)/Chief Privacy Officer (CPO) accountable for maintaining an organization-wide governance and privacy program to ensure compliance with all applicable laws and regulations regarding the collection, use, maintenance, sharing, and disposal of personally identifiable information (PII) by programs and information systems.
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for granular, mappable audit time stamps as related to overall audit and accountability requirements.
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for group and role authenticator changes as related to overall identification and authentication requirements.
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for group and role membership as related to overall access control requirements.
1.0
This Trustmark Definition addresses requirements for organizations to document their procedures for handling PKI records archive information.
1.0
Addresses requirements for PKI Hardware certificates to indicate the lack of any organization affiliation.
1.0
Addresses requirements for PKI Hardware certificates to indicate organization affiliation.
1.0
Addresses requirements for PKI Content Signing certificates indicating the organization administering the CMS.
1.0
Addresses the requirement that only hardware related to the operation of a PKI Certificate Authority is installed.
1.0
Addresses requirements for PKI Card Authentication subscriber certificates to prohibit the use of the subscriber common name.
1.0
Addresses the requirement for hardware updates to be purchased or developed in the same manner as original equipment.
1.0
Addresses the requirement for hardware updates to be installed by trusted and trained personnel in a defined manner.
1.0
Specifies that a covered entity must have policies and procedures to mitigate, to the extent practicable, any harmful effect that is known to the covered entity of a use or disclosure of protected health information.
1.0
Defines conformance and assessment criteria for verifying that an organization employs a diverse set of information technologies for organization-defined information system components in the implementation of the information system.
1.0
Defines conformance and assessment criteria for verifying that an organization employs virtualization techniques to support the deployment of a diversity of operating systems and applications that are changed at an organization-defined frequency.
1.0
This page is also available as JSON and XML.