Trustmark Definition Name | Version |
---|---|
Addresses requirements for in-person identity proofing before a Federally certified entity. | 1.0 |
Addresses requirements for in-person identity proofing before a state-certified entity. | 1.0 |
Addresses requirements for in-person identity proofing before a PKI Registration Authority. | 1.0 |
Addresses the requirement for an organization to record the identity information of sponsors for group PKI certificates before they are issued. | 1.0 |
Addresses requirements for organizations to record the identity of persons performing identity verification for PKI certificate issuance. | 1.0 |
Addresses the requirement for organizations to require device PKI certificate subscribers to re-establish identity for re-keying through means commensurate with the certificate's strength. | 1.0 |
Addresses the requirement for organizations to require PKI certificate subscribers to re-establish their identity through the organization's initial registration process. | 1.0 |
Addresses requirements for an organization to require identity source documents used for identity proofing to be in their original form. | 1.0 |
Addresses requirements for identity being established no more than 30 days before initial certificate issuance for Medium Assurance. | 1.0 |
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice PO.5: Implementation and Maintenance of Secure Environments for Software Development. Requires an organization to ensure that all components of the environments for software development are strongly protected from internal and external threats to prevent compromises of the environments or the software being developed or maintained within them. Examples of environments for software development include development, build, test, and distribution environments. | 1.1 |
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 46(1). | 1.0 |
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 32(1). | 1.0 |
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 25(2). | 1.0 |
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 25(1). | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for implementation of established configuration settings as related to overall configuration management requirements. | 1.0 |
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 22(3). | 1.0 |
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice PO.2: Implementation of SDLC Roles and Responsibilities. Requires an organization to ensure that everyone inside and outside of the organization involved in the SDLC is prepared to perform their SDLC-related roles and responsibilities throughout the SDLC. | 1.1 |
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice PO.3: Implementation of SDLC Supporting Toolchains. Requires an organization to use automation to reduce human effort and improve the accuracy, reproducibility, usability, and comprehensiveness of security practices throughout the SDLC, as well as provide a way to document and demonstrate the use of these practices. Toolchains and tools may be used at different levels of the organization, such as organization-wide or project-specific, and may address a particular part of the SDLC, like a build pipeline. | 1.1 |
Addresses requirements for establishing that an organization accepts a prior in-person event for the purposes of meeting in-person identity proofing requirements. | 1.0 |
Addresses requirements for in-person authentication for PKI registration to be performed on behalf of a registration authority by an authorized entity. | 1.0 |
Addresses requirements for recording a facsimile of the ID(s) of PKI certificate applicants when performing in-person identity proofing. | 1.0 |
Addresses requirements for recording unique identifying number(s) from the ID(s) of PKI certificate applicants when performing in-person identity proofing. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization requires users to log out under defined situations. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for incident handling - analysis as related to overall incident response requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for incident handling - containment as related to overall incident response requirements. | 1.0 |