Trustmark Definition Name | Version |
---|---|
Defines conformance and assessment criteria for verifying that an information system enforces information flow control using organization-defined security policy filters as a basis for flow control decisions for organization-defined information flows. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system, when transferring information between different security domains, applies the same security policy filtering to metadata as it applies to data payloads. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for information handling and retention as related to overall system and information integrity requirements. | 1.0 |
Addresses the requirement that information in certificate applications be verified as accurate before certificates are issued. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system prevents unauthorized and unintended information transfer via shared system resources. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system prevents unauthorized information transfer via shared resources in accordance with organization-defined procedures when system processing explicitly switches between different information classification levels or security categories. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system checks the validity of organization-defined information inputs. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system audits the use of its manual override capability for input validation of organization-defined inputs. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system provides a manual override capability for input validation of organization-defined inputs. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system behaves in a predictable and documented manner that reflects organizational and system objectives when invalid inputs are received. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization restricts the use of information inputs to organization-defined formats. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization restricts the use of information inputs to organization-defined trusted sources. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system restricts the use of the manual override capability for input validation of organization-defined inputs to only organization-defined authorized individuals. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization ensures that input validation errors are reviewed and resolved within an organization-defined time period. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization accounts for timing interactions among information system components in determining appropriate responses for invalid inputs. | 1.0 |
This Trustmark Definition addresses organizational requirements to implement information integrity verification tools for information systems. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization protects the information system from information leakage due to electromagnetic signals emanations. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization ensures that information system components, associated data communications, and networks are protected in accordance with U.S. national emissions and TEMPEST policies and procedures based on the security category or classification of the information. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system validates information output from organization-defined software programs and/or applications to ensure that the information is consistent with the expected content. | 1.0 |
Addresses requirements for verifying information provided during identity proofing. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization develops an information security architecture for the information system that describes the overall philosophy, requirements, and approach to be taken with regard to protecting the confidentiality, integrity, and availability of organizational information. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization ensures that planned information security architecture changes are reflected in organizational procurements/acquisitions. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization reviews and updates the information security architecture at an organization-defined frequency to reflect updates in the enterprise architecture. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization ensures that planned information security architecture changes are reflected in the security Concept of Operations (CONOPS). | 1.0 |
Defines conformance and assessment criteria for verifying that an organization ensures that planned information security architecture changes are reflected in the security plan. | 1.0 |