Trustmark Definitions (1476-1500 of 3493)

Trustmark Definition Name Version
Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that reflects coordination among organizational entities responsible for the different aspects of information security (i.e., technical, physical, personnel, cyber-physical).
1.0
Defines conformance and assessment criteria for verifying that an organization reviews the organization-wide information security program plan at an organization-defined frequency.
1.0
Defines conformance and assessment criteria for verifying that an organization updates the organization-wide information security plan to address organizational changes and problems identified during security control assessments.
1.0
Defines conformance and assessment criteria for verifying that an organization updates the organization-wide information security plan to address organizational changes and problems identified during plan implementation.
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for information security requirements definition as related to overall system and services acquisition requirements.
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for information security resource allocation as related to overall system and services acquisition requirements.
1.0
Defines conformance and assessment criteria for verifying that an organization ensures that information security resources are available for expenditure as planned.
1.0
Defines conformance and assessment criteria for verifying that an organization employs a business case such as a U.S. Office of Management and Budget (OMB) Exhibit 300 / Exhibit 53 to record the resources required to implement the information security program for all capital planning and investment requests.
1.0
Defines conformance and assessment criteria for verifying that an organization ensures that all capital planning and investment requests include the resources needed to implement its information security program.
1.0
Defines conformance and assessment criteria for verifying that an organization documents exceptions where capital planning and investment requests do not include the resources needed to implement the information security program.
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for information security risk management integrated into system development life cycle activities as related to overall system and services acquisition requirements.
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for information security roles in the system development life cycle mapped to individuals as related to overall system and services acquisition requirements.
1.0
Defines conformance and assessment criteria for verifying that an organization establishes an information security workforce development and improvement program.
1.0
Defines conformance and assessment criteria for verifying that an organization assists users in making information sharing/collaboration decisions.
1.0
Defines conformance and assessment criteria for verifying that an organization permits authorized users to determine whether access authorizations assigned to sharing partners match the access restrictions on the information being shared.
1.0
Defines conformance and assessment criteria for verifying that an information system enforces information-sharing decisions by authorized users based on access authorizations of sharing partners and access restrictions on information to be shared.
1.0
Defines conformance and assessment criteria for verifying that an information system implements information search and retrieval services that enforce organization-defined information sharing restrictions.
1.0
Defines conformance and assessment criteria for verifying that an organization responds to information spills by identifying other information systems or system components that may have been subsequently contaminated.
1.0
Defines conformance and assessment criteria for verifying that an organization responds to information spills by alerting organization-defined personnel or roles of the information spill using a method of communication not associated with the spill.
1.0
Defines conformance and assessment criteria for verifying that an organization responds to information spills by eradicating the information from the contaminated information system or component.
1.0
Defines conformance and assessment criteria for verifying that an organization responds to information spills by identifying the specific information involved in the information system contamination.
1.0
Defines conformance and assessment criteria for verifying that an organization responds to information spills by isolating the contaminated information system or system component.
1.0
Defines conformance and assessment criteria for verifying that an organization responds to information spills by performing other organization-defined actions.
1.0
Defines conformance and assessment criteria for verifying that an organization employs organization-defined security safeguards for personnel exposed to information not within assigned access authorizations.
1.0
Defines conformance and assessment criteria for verifying that an organization implements organization-defined procedures to ensure that organizational personnel impacted by information spills can continue to carry out assigned tasks while contaminated systems are undergoing corrective actions.
1.0
This page is also available as JSON and XML.