Trustmark Definition Name | Version |
---|---|
Specifies that a health care related organization must have policies that, based upon the organization's access authorization policies, establish, document, review, and modify a user's right of access to a workstation. | 1.0 |
Specifies that a health care related organization must implement procedures that, based upon the organization's access authorization policies, establish, document, review, and modify a user's right of access to a workstation. | 1.0 |
Specifies that if an organization is a health care clearinghouse that is part of a larger organization, the clearinghouse must have policies that protect the electronic protected health information of the clearinghouse from unauthorized access by the larger organization. | 1.0 |
Specifies that if an organization is a health care clearinghouse that is part of a larger organization, the clearinghouse must implement procedures that protect the electronic protected health information of the clearinghouse from unauthorized access by the larger organization. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for information and systems that are categorized as related to overall risk assessment requirements. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system enforces approved authorizations. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system provides access from a single device to computing platforms, applications, or data residing on multiple different security domains, while preventing any information flow between the different security domains. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs organization-defined solutions in approved configurations to control the flow of organization-defined information across security domains. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system provides the capability for privileged administrators to configure organization-defined security policy filters to support different security policies. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system prevents encrypted information from bypassing content-checking mechanisms. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system, when transferring information between different security domains, uses organization-defined data type identifiers to validate data essential for information flow decisions. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system, when transferring information between different security domains, decomposes information into organization-defined policy-relevant subcomponents for submission to policy enforcement mechanisms. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system, when transferring information between different security domains, examines the information for the presence of organization-defined unsanctioned information and prohibits the transfer of such information in accordance with the organization-defined security policy. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system uniquely identifies and authenticates source and destination points by organization, system, application, and/or individual for information transfer. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system enforces dynamic information flow control based on organization-defined policies. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system enforces organization-defined limitations on embedding data types within other data types. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system provides the capability for privileged administrators to enable/disable organization-defined security policy filters under organization-defined conditions. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system enforces the use of human reviews for organization-defined information flows under organization-defined conditions. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system enforces information flow control based on organization-defined metadata. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system uses organization-defined security attributes associated with organization-defined information, source, and destination objects to enforce organization-defined information flow control policies as a basis for flow control decisions. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system enforces organization-defined one-way information flows using hardware mechanisms. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system separates information flows logically or physically using organization-defined mechanisms and/or techniques to accomplish organization-defined required separations by types of information. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system uses protected processing domains to enforce organization-defined information flow control policies as a basis for flow control decisions. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system binds security attributes to information using organization-defined binding techniques to facilitate information flow policy enforcement. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system, when transferring information between different security domains, implements organization-defined security policy filters requiring fully enumerated formats that restrict data structure and content. | 1.0 |