Trustmark Definition Name | Version |
---|---|
Defines conformance and assessment criteria for verifying that an organization correlates information from monitoring tools employed throughout the information system.
|
1.0 |
Defines conformance and assessment criteria for verifying that an organization implements organization-defined host-based monitoring mechanisms at organization-defined information system components.
|
1.0 |
Defines conformance and assessment criteria for verifying that an information system monitors inbound communications traffic at an organization-defined frequency for unusual or unauthorized activities or conditions.
|
1.0 |
Defines conformance and assessment criteria for verifying that an information system discovers, collects, distributes, and uses indicators of compromise.
|
1.0 |
Defines conformance and assessment criteria for verifying that an organization implements organization-defined additional monitoring of individuals who have been identified by organization-defined sources as posing an increased level of risk.
|
1.0 |
Defines conformance and assessment criteria for verifying that an organization correlates information from monitoring physical, cyber, and supply chain activities to achieve integrated, organization-wide situational awareness.
|
1.0 |
Defines conformance and assessment criteria for verifying that an information system monitors outbound communications traffic at an organization-defined frequency for unusual or unauthorized activities or conditions.
|
1.0 |
Defines conformance and assessment criteria for verifying that an organization implements organization-defined additional monitoring of privileged users.
|
1.0 |
Defines conformance and assessment criteria for verifying that an organization implements organization-defined additional monitoring of individuals during organization-defined probationary period.
|
1.0 |
Defines conformance and assessment criteria for verifying that an information system alerts organization-defined personnel or roles when organization-defined compromise or potential compromise indicators occur.
|
1.0 |
Defines conformance and assessment criteria for verifying that an organization connects and configures individual intrusion detection tools into an information system-wide intrusion detection system.
|
1.0 |
Defines conformance and assessment criteria for verifying that an organization tests intrusion-monitoring tools organization-defined frequency.
|
1.0 |
Defines conformance and assessment criteria for verifying that an information system detects network services that have not been authorized or approved by organization-defined authorization or approval processes and audits the event and/or alerts organization-defined personnel or roles.
|
1.0 |
Defines conformance and assessment criteria for verifying that an organization makes provisions so that organization-defined encrypted communications traffic is visible to organization-defined information system monitoring tools.
|
1.0 |
Defines conformance and assessment criteria for verifying that an organization employs a wireless intrusion detection system to identify rogue wireless devices and to detect attack attempts and potential compromises/breaches to the information system.
|
1.0 |
Defines conformance and assessment criteria for verifying that an organization employs an intrusion detection system to monitor wireless communications traffic as the traffic passes from wireless to wireline networks.
|
1.0 |
Defines conformance and assessment criteria for verifying that an organization partitions the information system into organization-defined information system components residing in separate physical domains or environments based on organization-defined circumstances for physical separation of components.
|
1.0 |
Defines conformance and assessment criteria for verifying that an organization protects backup and restoration hardware, firmware, and software.
|
1.0 |
Defines conformance and assessment criteria for verifying that an organization provides the capability to restore information system components within a defined restoration time-periods from configuration-controlled and integrity-protected information representing a known, operational state for the components.
|
1.0 |
Defines conformance and assessment criteria for verifying that an information system implements transaction recovery for systems that are transaction-based.
|
1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for information system risk assessment implementation as related to overall risk assessment requirements.
|
1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for information system risk assessment results reviewed as related to overall risk assessment requirements.
|
1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for information system risk assessment updates as related to overall risk assessment requirements.
|
1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for information system security categorization review and approval as related to overall risk assessment requirements.
|
1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for information system user documentation - methods of secure user interaction as related to overall system and services acquisition requirements.
|
1.0 |