Trustmark Definition Name | Version |
---|---|
Defines conformance and assessment criteria for verifying that an information system implements information search and retrieval services that enforce organization-defined information sharing restrictions. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization responds to information spills by identifying other information systems or system components that may have been subsequently contaminated. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization responds to information spills by alerting organization-defined personnel or roles of the information spill using a method of communication not associated with the spill. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization responds to information spills by eradicating the information from the contaminated information system or component. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization responds to information spills by identifying the specific information involved in the information system contamination. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization responds to information spills by isolating the contaminated information system or system component. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization responds to information spills by performing other organization-defined actions. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs organization-defined security safeguards for personnel exposed to information not within assigned access authorizations. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization implements organization-defined procedures to ensure that organizational personnel impacted by information spills can continue to carry out assigned tasks while contaminated systems are undergoing corrective actions. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization assigns organization-defined personnel or roles with responsibility for responding to information spills. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization provides information spillage response training at an organization-defined frequency. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for information system administrator documentation - known administrative vulnerabilities as related to overall system and services acquisition requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for information system administrator documentation - secure configuration as related to overall system and services acquisition requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for information system administrator documentation - use and maintenance as related to overall system and services acquisition requirements. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's information systems log successful and unsuccessful attempts to access and/or modify system resources. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's information systems log successful and unsuccessful attempts for users to access, modify, or destroy the audit log file. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's information systems log successful and unsuccessful system log-on attempts. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's information systems log successful and unsuccessful attempts to change account passwords. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's information systems log successful and unsuccessful actions by privileged accounts. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization enforces dual authorization for the deletion or destruction of backup information. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization stores backup copies of critical information system software and other security-related information in a fire-rated container that is not collocated with the operational system. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization accomplishes information system backup by maintaining a redundant secondary system that is not collocated with the primary system and that can be activated without loss of information or disruption to operations. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization stores backup copies of critical information system software and other security-related information in a separate facility that is not collocated with the operational system. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization uses a sample of backup information in the restoration of selected information system functions as part of contingency plan testing. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization tests backup information. | 1.0 |