Trustmark Definition Name | Version |
---|---|
Defines conformance and assessment criteria for verifying that an organization protects the information system from information leakage due to electromagnetic signals emanations. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization ensures that information system components, associated data communications, and networks are protected in accordance with U.S. national emissions and TEMPEST policies and procedures based on the security category or classification of the information. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system validates information output from organization-defined software programs and/or applications to ensure that the information is consistent with the expected content. | 1.0 |
Addresses requirements for verifying information provided during identity proofing. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization develops an information security architecture for the information system that describes the overall philosophy, requirements, and approach to be taken with regard to protecting the confidentiality, integrity, and availability of organizational information. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization ensures that planned information security architecture changes are reflected in organizational procurements/acquisitions. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization reviews and updates the information security architecture at an organization-defined frequency to reflect updates in the enterprise architecture. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization ensures that planned information security architecture changes are reflected in the security Concept of Operations (CONOPS). | 1.0 |
Defines conformance and assessment criteria for verifying that an organization ensures that planned information security architecture changes are reflected in the security plan. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization develops an information security architecture for the information system that describes any information security assumptions about, and dependencies on, external services. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization develops an information security architecture for the information system that describes how the information security architecture is integrated into and supports the enterprise architecture. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization designs its security architecture using a defense-in-depth approach that allocates organization-defined security safeguards to organization-defined locations and architectural layers; and ensures that the allocated security safeguards operate in a coordinated and mutually reinforcing manner. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization requires that organization-defined security safeguards allocated to organization-defined locations and architectural layers are obtained from different suppliers. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization develops information security measures of performance. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization monitors information security measures of performance. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization reports on the results of information security measures of performance. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that is approved by a senior official with responsibility and accountability for the risk being incurred to individuals. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that is approved by a senior official with responsibility and accountability for the risk being incurred to organizational assets. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that is approved by a senior official with responsibility and accountability for the risk being incurred to organizational operations. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that is approved by a senior official with responsibility and accountability for the risk being incurred to other organizations. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that is approved by a senior official with responsibility and accountability for the risk being incurred to the Nation. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that provides a description of the common controls in place for meeting the requirements of the information security program. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that includes the identification and assignment of compliance. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that includes the identification and assignment of coordination among organizational entities. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that includes the identification and assignment of management commitment. | 1.0 |