Trustmark Definition Name | Version |
---|---|
Defines conformance and assessment criteria for verifying that an information system provides the capability for privileged administrators to enable/disable organization-defined security policy filters under organization-defined conditions. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system enforces the use of human reviews for organization-defined information flows under organization-defined conditions. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system enforces information flow control based on organization-defined metadata. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system uses organization-defined security attributes associated with organization-defined information, source, and destination objects to enforce organization-defined information flow control policies as a basis for flow control decisions. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system enforces organization-defined one-way information flows using hardware mechanisms. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system separates information flows logically or physically using organization-defined mechanisms and/or techniques to accomplish organization-defined required separations by types of information. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system uses protected processing domains to enforce organization-defined information flow control policies as a basis for flow control decisions. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system binds security attributes to information using organization-defined binding techniques to facilitate information flow policy enforcement. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system, when transferring information between different security domains, implements organization-defined security policy filters requiring fully enumerated formats that restrict data structure and content. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system enforces information flow control using organization-defined security policy filters as a basis for flow control decisions for organization-defined information flows. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system, when transferring information between different security domains, applies the same security policy filtering to metadata as it applies to data payloads. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for information handling and retention as related to overall system and information integrity requirements. | 1.0 |
Addresses the requirement that information in certificate applications be verified as accurate before certificates are issued. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system prevents unauthorized and unintended information transfer via shared system resources. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system prevents unauthorized information transfer via shared resources in accordance with organization-defined procedures when system processing explicitly switches between different information classification levels or security categories. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system checks the validity of organization-defined information inputs. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system audits the use of its manual override capability for input validation of organization-defined inputs. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system provides a manual override capability for input validation of organization-defined inputs. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system behaves in a predictable and documented manner that reflects organizational and system objectives when invalid inputs are received. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization restricts the use of information inputs to organization-defined formats. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization restricts the use of information inputs to organization-defined trusted sources. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system restricts the use of the manual override capability for input validation of organization-defined inputs to only organization-defined authorized individuals. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization ensures that input validation errors are reviewed and resolved within an organization-defined time period. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization accounts for timing interactions among information system components in determining appropriate responses for invalid inputs. | 1.0 |
This Trustmark Definition addresses organizational requirements to implement information integrity verification tools for information systems. | 1.0 |