Trustmark Definition Name | Version |
---|---|
Defines conformance and assessment criteria for verifying that an organization's incident response training addresses individuals' actions. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's incident response training addresses points of contact. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs automated mechanisms to provide a more thorough and realistic incident response training environment. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization incorporates simulated events into incident response training. | 1.0 |
Addresses the requirement for organizations to use independent auditors for PKI compliance audits. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for indication of use of collaborative computing devices as related to overall system and communications protection requirements. | 1.0 |
Addresses the requirement that individual personnel be specifically designated to one of the four PKI trusted roles: Administrative, Officer, Auditor or Operator. | 1.0 |
Specifies that a health care related organization must have policies for granting access to electronic protected health information. | 1.0 |
Specifies that a health care related organization must implement procedures for granting access to electronic protected health information. | 1.0 |
Specifies that a health care related organization must have policies that, based upon the organization's access authorization policies, establish, document, review, and modify a user's right of access to a workstation. | 1.0 |
Specifies that a health care related organization must implement procedures that, based upon the organization's access authorization policies, establish, document, review, and modify a user's right of access to a workstation. | 1.0 |
Specifies that if an organization is a health care clearinghouse that is part of a larger organization, the clearinghouse must have policies that protect the electronic protected health information of the clearinghouse from unauthorized access by the larger organization. | 1.0 |
Specifies that if an organization is a health care clearinghouse that is part of a larger organization, the clearinghouse must implement procedures that protect the electronic protected health information of the clearinghouse from unauthorized access by the larger organization. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for categorizing information and systems, as related to overall risk assessment requirements. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system enforces approved authorizations. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system provides access from a single device to computing platforms, applications, or data residing on multiple different security domains, while preventing any information flow between the different security domains. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs organization-defined solutions in approved configurations to control the flow of organization-defined information across security domains. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system provides the capability for privileged administrators to configure organization-defined security policy filters to support different security policies. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system prevents encrypted information from bypassing content-checking mechanisms. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system, when transferring information between different security domains, uses organization-defined data type identifiers to validate data essential for information flow decisions. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system, when transferring information between different security domains, decomposes information into organization-defined policy-relevant subcomponents for submission to policy enforcement mechanisms. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system, when transferring information between different security domains, examines the information for the presence of [Assignment: organization-defined unsanctioned information] and prohibits the transfer of such information in accordance with the organization-defined security policy. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system uniquely identifies and authenticates source and destination points by organization, system, application, and/or individual for information transfer. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system enforces dynamic information flow control based on organization-defined policies. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system enforces organization-defined limitations on embedding data types within other data types. | 1.0 |