Trustmark Definition Name | Version |
---|---|
Defines conformance and assessment criteria for verifying that an organization assigns organization-defined personnel or roles with responsibility for responding to information spills. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization provides information spillage response training at an organization-defined frequency. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for information system administrator documentation - known administrative vulnerabilities as related to overall system and services acquisition requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for information system administrator documentation - secure configuration as related to overall system and services acquisition requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for information system administrator documentation - use and maintenance as related to overall system and services acquisition requirements. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's information systems log successful and unsuccessful attempts to access and-or modify system resources. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's information systems log successful and unsuccessful attempts for users to access, modify, or destroy the audit log file. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's information systems log successful and unsuccessful system log-on attempts. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's information systems log successful and unsuccessful attempts to change account passwords. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's information systems log successful and unsuccessful actions by privileged accounts. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization enforces dual authorization for the deletion or destruction of backup information. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization stores backup copies of critical information system software and other security-related information in a fire-rated container that is not collocated with the operational system. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization accomplishes information system backup by maintaining a redundant secondary system that is not collocated with the primary system and that can be activated without loss of information or disruption to operations. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization stores backup copies of critical information system software and other security-related information in a separate facility that is not collocated with the operational system. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization uses a sample of backup information in the restoration of selected information system functions as part of contingency plan testing. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization tests backup information. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization transfers information system backup information to the alternate storage site at a defined time period and transfer rate consistent with its recovery time and recovery point objectives. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for information system component delivery and removal as related to overall physical and environmental protection requirements. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization includes in the information system component inventory information, a means for identifying individuals responsible/accountable for administering those components. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization includes assessed component configurations and any approved deviations to current deployed configurations in the information system component inventory. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization assigns organization-defined acquired information system components to an information system. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization receives an acknowledgement from the information system owner of the assignment of acquired information system components to the information system. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs automated mechanisms to support tracking of information system components by geographic location. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs automated mechanisms to help maintain an up-to-date, complete, accurate, and readily available inventory of information system components. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization takes specific actions when unauthorized components are detected. | 1.0 |