| Trustmark Definition Name | Version |
|---|---|
|
Defines conformance and assessment criteria for verifying that an organization transfers information system backup information to the alternate storage site at a defined time period and transfer rate consistent with its recovery time and recovery point objectives.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for information system component delivery and removal as related to overall physical and environmental protection requirements.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization includes in the information system component inventory information, a means for identifying individuals responsible/accountable for administering those components.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization includes assessed component configurations and any approved deviations to current deployed configurations in the information system component inventory.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization assigns organization-defined acquired information system components to an information system.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization receives an acknowledgement from the information system owner of the assignment of acquired information system components to the information system.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization employs automated mechanisms to support tracking of information system components by geographic location.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization employs automated mechanisms to help maintain an up-to-date, complete, accurate, and readily available inventory of information system components.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization takesspecific actions when unauthorized components are detected.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization employs automated mechanisms to detect the presence of unauthorized hardware, software, and firmware components within the information system.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization provides a centralized repository for the inventory of information system components.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization verifies that all components within the authorization boundary of the information system are not duplicated in other information system component inventories.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization updates the inventory of information system components as an integral part of component installations, removals, and information system updates.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for information system documentation - attempts to obtain documentation as related to overall system and services acquisition requirements.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for information system documentation - distribution as related to overall system and services acquisition requirements.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for information system documentation - documentation protection as related to overall system and services acquisition requirements.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization develops and maintains an inventory of its information systems.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for information system monitoring - attack detection as related to overall system and information integrity requirements.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for information system monitoring - legal compliance as related to overall system and information integrity requirements.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for information system monitoring - monitoring adjusted to risks as related to overall system and information integrity requirements.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for information system monitoring - monitoring device placement as related to overall system and information integrity requirements.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for information system monitoring - protection of collected information as related to overall system and information integrity requirements.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for information system monitoring - reporting as related to overall system and information integrity requirements.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for information system monitoring - unauthorized connections as related to overall system and information integrity requirements.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for information system monitoring - unauthorized use as related to overall system and information integrity requirements.
|
1.0 |
