| Trustmark Definition Name | Version |
|---|---|
|
Addresses requirements for an organization to require identity source documents used for identity proofing to be in their original form.
|
1.0 |
|
Addresses requirements for identity being established no more than 30 days before initial certificate issuance for Medium Assurance.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for implementation of established configuration settings as related to overall configuration management requirements.
|
1.0 |
|
Addresses requirements for establishing that an organization accepts a prior in-person event for the purposes of meeting in-person identity proofing requirements.
|
1.0 |
|
Addresses requirements for in-person authentication for PKI registration to be performed on behalf of a registration authority by an authorized entity.
|
1.0 |
|
Addresses requirements for recording a facsimile of the ID(s) of PKI certificate applicants when performing in-person identity proofing.
|
1.0 |
|
Addresses requirements for recording unique identifying number(s) from the ID(s) of PKI certificate applicants when performing in-person identity proofing.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization requires users to logout under defined situations.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for incident handling - analysis as related to overall incident response requirements.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for incident handling - containment as related to overall incident response requirements.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for incident handling - coordination as related to overall incident response requirements.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for incident handling - detection as related to overall incident response requirements.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for incident handling - eradication as related to overall incident response requirements.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for incident handling - lessons learned as related to overall incident response requirements.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for incident handling - preparation as related to overall incident response requirements.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for incident handling - recovery as related to overall incident response requirements.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization employs automated mechanisms to support the incident handling process.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization implements a configurable capability to automatically disable the information system if organization-defined security violations are detected.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization identifies organization-defined classes of incidents and actions to take in response to classes of incidents to ensure continuation of organizational missions and business functions.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization coordinates with organization-defined external organizations to correlate and share organization-defined incident information to achieve a cross-organization perspective on incident awareness and more effective incident responses.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization includes dynamic reconfiguration of organization-defined information system components as part of the incident response capability.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization employs organization-defined dynamic response capabilities to effectively respond to security incidents.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization correlates incident information and individual incident responses to achieve an organization-wide perspective on incident awareness and response.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization coordinates incident handling capability for insider threats across organization-defined components or elements of the organization.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization implements incident handling capability for insider threats.
|
1.0 |
