Trustmark Definitions (1526-1550 of 3247)

Trustmark Definition Name Version
Specifies that a health care related organization must implement procedures to protect electronic protected health information from improper alteration or destruction and must implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner.
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for interconnection security agreements as related to overall certification accreditation and security assessments requirements.
1.0
Defines conformance and assessment criteria for verifying that an information system performs security compliance checks on constituent system components prior to the establishment of the internal connection.
1.0
Defines conformance and assessment criteria for verifying that an organization physically separates Internet facing (web servers, portal servers, etc.) virtual machines from virtual machines that process sensitive information internally.
1.0
Defines conformance and assessment criteria for verifying that an organization separates Internet facing virtual machines with virtual firewalls.
1.0
This Trustmark Definition addresses organizational requirements to monitor intrusion alarms and surveillance equipment.
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for inventory of physical access devices as related to overall physical and environmental protection requirements.
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for key and combination changes as related to overall physical and environmental protection requirements.
1.0
Addresses requirements for protection of PKI private keys during transfer.
1.0
Defines conformance and assessment criteria for verifying that the LASO ensures that the approved and appropriate security measures are in place and working as expected.
1.0
Defines conformance and assessment criteria for verifying that the LASO ensures that personnel security screening procedures are being followed as stated in the CJIS Security Policy.
1.0
Defines conformance and assessment criteria for verifying that the LASO has identified and documented how equipment is connected to the state system.
1.0
Defines conformance and assessment criteria for verifying that the LASO has identified who is using the CSA approved hardware, software, and firmware and ensured only authorized access.
1.0
Defines conformance and assessment criteria for verifying that the LASO supports policy compliance and ensures the CSA ISO is promptly informed of security incidents.
1.0
Addresses the requirement for the latency of PKI certificate status information distributed on-line by organization PKI certificate authorities (CAs) to meet the requirements for CRL issuance stated in the corresponding certificate policy.
1.0
Addresses the requirement for the latency of PKI certificate status information distributed on-line by organization PKI certificate authorities (CAs) to meet or exceed the requirements for CRL issuance stated in the corresponding certificate policy.
1.0
Addresses the requirement for the latency of PKI certificate status information distributed on-line by organization delegated status responders to meet or exceed the requirements for CRL issuance stated in the corresponding certificate policy.
1.0
Defines conformance and assessment criteria for verifying that an organization employs a deny-all, permit-by-exception policy to allow the execution of authorized software programs on the information system.
1.0
Defines conformance and assessment criteria for verifying that an organization identifies software programs authorized to execute on the information system.
1.0
Defines conformance and assessment criteria for verifying that an organization regularly reviews and updates the list of authorized software programs.
1.0
Defines conformance and assessment criteria for verifying that an organization reviews the information system to identify unnecessary and/or nonsecure functions.
1.0
Defines conformance and assessment criteria for verifying that an organization reviews the information system to identify unnecessary and/or nonsecure ports.
1.0
Defines conformance and assessment criteria for verifying that an organization reviews the information system to identify unnecessary and/or nonsecure protocols.
1.0
Defines conformance and assessment criteria for verifying that an organization reviews the information system to identify unnecessary and/or nonsecure services.
1.0
Defines conformance and assessment criteria for verifying that an information system prevents program execution in accordance with organization-defined policies and rules.
1.0