| Trustmark Definition Name | Version |
|---|---|
|
Defines conformance and assessment criteria for compliance with minimum security requirements for login banner (U.S. federal government) as related to overall access control requirements.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for login banner acknowledgement as related to overall access control requirements.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for login banner for publicly accessible systems as related to overall access control requirements.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for maintenance of list for authorized physical access as related to overall physical and environmental protection requirements.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for maintenance of physical access logs as related to overall physical and environmental protection requirements.
|
1.0 |
|
Addresses the requirement for the state of PKI hardware modules to be maintained until subscribers accept possession.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for maintenance of visitor access records as related to overall physical and environmental protection requirements.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for maintenance personnel authorization as related to overall maintenance requirements.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization ensures that personnel performing maintenance and diagnostic activities on an information system processing, storing, or transmitting U.S. classified information are U.S. citizens.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization ensures that cleared foreign nationals (i.e., foreign nationals with appropriate security clearances), are used to conduct maintenance and diagnostic activities on U.S. classified information systems only when the systems are jointly owned and operated by the United States and foreign allied governments, or owned and operated solely by foreign allied governments.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization ensures that approvals, consents, and detailed operational conditions regarding the use of foreign nationals to conduct maintenance and diagnostic activities on U.S. classified information systems are fully documented within Memoranda of Agreements.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization develops alternate security safeguards in the event an information system component cannot be sanitized, removed, or disconnected from the system.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization implements procedures for the use of maintenance personnel that lack appropriate security clearances or are not U.S. citizens, that include the following requirements: Maintenance personnel who do not have needed access authorizations, clearances, or formal access approvals are escorted and supervised during the performance of maintenance and diagnostic activities on the information system by approved organizational personnel who are fully cleared, have appropriate access authorizations, and are technically qualified.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization Implements alternate security safeguards in the event an information system component cannot be sanitized, removed, or disconnected from the system.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization implements procedures for the use of maintenance personnel that lack appropriate security clearances or are not U.S. citizens, that include the following requirements: Prior to initiating maintenance or diagnostic activities by personnel who do not have needed access authorizations, clearances or formal access approvals, all volatile information storage components within the information system are sanitized and all nonvolatile storage media are removed or physically disconnected from the system and secured.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization ensures that non-escorted personnel performing maintenance activities not directly associated with the information system but in the physical proximity of the system, have required access authorizations.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization ensures that personnel performing maintenance and diagnostic activities on an information system processing, storing, or transmitting U.S. classified information possess security clearances and formal access approvals for at least the highest classification level and for all compartments of information on the system.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization approves information system maintenance tools.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization controls information system maintenance tools.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization monitors information system maintenance tools.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization checks media containing diagnostic and test programs for malicious code before the media are used in the information system.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization inspects the maintenance tools carried into a facility by maintenance personnel for improper or unauthorized modifications.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization prevents the unauthorized removal of maintenance equipment containing organizational information by sanitizing the equipment.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization prevents the unauthorized removal of maintenance equipment containing organizational information by destroying the equipment.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization prevents the unauthorized removal of maintenance equipment containing organizational information by obtaining an exemption from organization-defined personnel or roles explicitly authorizing removal of the equipment from the facility.
|
1.0 |
