Trustmark Definition Name | Version |
---|---|
Defines conformance and assessment criteria for verifying that an organization analyzes outbound communications traffic at the external boundary of the information system and selected organization-defined interior points within the system (e.g., subnetworks, subsystems) to discover anomalies. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization analyzes communications traffic/event patterns for the information system. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization analyzes outbound communications traffic at the external boundary of the information system (i.e., system perimeter) and at organization-defined interior points within the system (e.g., subsystems, subnetworks) to detect covert exfiltration of information. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization develops profiles representing common traffic patterns and/or events for the information system. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization uses the traffic/event profiles in tuning system-monitoring devices to reduce the number of false positives and the number of false negatives. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs automated mechanisms to alert security personnel of organization-defined activities that trigger alerts for inappropriate or unusual activities with security implications. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system notifies organization-defined incident response personnel (identified by name and/or by role) of detected suspicious events and takes organization-defined least-disruptive actions to terminate suspicious events. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs automated tools to integrate intrusion detection tools into access control and flow control mechanisms for rapid response to attacks by enabling reconfiguration of these mechanisms in support of attack isolation and elimination. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs automated tools to support near real-time analysis of events. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization correlates information from monitoring tools employed throughout the information system. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization implements organization-defined host-based monitoring mechanisms at organization-defined information system components. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system monitors inbound communications traffic at an organization-defined frequency for unusual or unauthorized activities or conditions. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system discovers, collects, distributes, and uses indicators of compromise. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization implements organization-defined additional monitoring of individuals who have been identified by organization-defined sources as posing an increased level of risk. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization correlates information from monitoring physical, cyber, and supply chain activities to achieve integrated, organization-wide situational awareness. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system monitors outbound communications traffic at an organization-defined frequency for unusual or unauthorized activities or conditions. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization implements organization-defined additional monitoring of privileged users. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization implements organization-defined additional monitoring of individuals during an organization-defined probationary period. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system alerts organization-defined personnel or roles when organization-defined compromise or potential compromise indicators occur. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization connects and configures individual intrusion detection tools into an information system-wide intrusion detection system. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization tests intrusion-monitoring tools at an organization-defined frequency. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system detects network services that have not been authorized or approved by organization-defined authorization or approval processes and audits the event and/or alerts organization-defined personnel or roles. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization makes provisions so that organization-defined encrypted communications traffic is visible to organization-defined information system monitoring tools. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs a wireless intrusion detection system to identify rogue wireless devices and to detect attack attempts and potential compromises/breaches to the information system. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs an intrusion detection system to monitor wireless communications traffic as the traffic passes from wireless to wireline networks. | 1.0 |