Trustmark Definitions (1551-1575 of 3247)

Trustmark Definition Name Version
Defines conformance and assessment criteria for verifying that an organization ensures compliance with organization-defined registration requirements for functions, ports, protocols, and services.
1.0
Defines conformance and assessment criteria for verifying that an organization employs an allow-all, deny-by-exception policy to prohibit the execution of unauthorized software programs on the information system.
1.0
Defines conformance and assessment criteria for verifying that an organization identifies software programs not authorized to execute on the information system.
1.0
Defines conformance and assessment criteria for verifying that an organization regularly reviews and updates the list of unauthorized software programs.
1.0
Defines conformance and assessment criteria for verifying that an organization disables functions within the information system deemed to be unnecessary and/or nonsecure.
1.0
Defines conformance and assessment criteria for verifying that an organization disables ports within the information system deemed to be unnecessary and/or nonsecure.
1.0
Defines conformance and assessment criteria for verifying that an organization disables protocols within the information system deemed to be unnecessary and/or nonsecure.
1.0
Defines conformance and assessment criteria for verifying that an organization disables services within the information system deemed to be unnecessary and/or nonsecure.
1.0
Defines conformance and assessment criteria for verifying that an organization employs the principle of least privilege.
1.0
Defines conformance and assessment criteria for verifying that an information system prevents organization-defined software from executing at higher privilege levels than users executing the software.
1.0
Defines conformance and assessment criteria for verifying that an organization prohibits privileged access to the information system by non-organizational users.
1.0
Defines conformance and assessment criteria for verifying that an organization reassigns or removes privileges, if necessary, to correctly reflect organizational mission/business needs.
1.0
Defines conformance and assessment criteria for verifying that an organization reviews the privileges assigned to organization-defined roles or classes of users to validate the need for such privileges at an organization-defined frequency.
1.0
Defines conformance and assessment criteria for verifying that an information system provides separate processing domains to enable finer-grained allocation of user privileges.
1.0
Addresses the requirement for a list of those holding the shared private key for a group PKI certificate to be provided to the applicable certificate authority.
1.0
Addresses the requirement for a list of those holding the shared private key for a group PKI certificate to be retained by the applicable certificate authority.
1.0
Defines conformance and assessment criteria for verifying that an organization ensures that systems' malicious code protection is kept current.
1.0
Defines conformance and assessment criteria for verifying that the organization has a local policy to validate a requestor of sensitive information as an authorized recipient before it is disseminated.
1.0
Addresses the requirement for the location of the facilities housing organization Certificate Authority (CA) equipment to be consistent with facilities used to house high value, sensitive information.
1.0
Defines conformance and assessment criteria for verifying that an organization positions information system components within the facility to minimize potential damage from defined physical and environmental hazards.
1.0
Defines conformance and assessment criteria for verifying that an organization positions information system components within the facility to minimize the opportunity for unauthorized access.
1.0
Defines conformance and assessment criteria for verifying that an organization plans the location or site of the facility where the information system resides with regard to physical and environmental hazards and, for existing facilities, considers the physical and environmental hazards in its risk mitigation strategy.
1.0
Addresses the requirement for the responsibility of physical security checks of equipment to be logged.
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for logical separation of publicly accessible information system components as related to overall system and communications protection requirements.
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for login banner (generic) as related to overall access control requirements.
1.0