Trustmark Definition Name | Version |
---|---|
Defines conformance and assessment criteria for compliance with minimum security requirements for information system user documentation - user security functions as related to overall system and services acquisition requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for information system user documentation - user security responsibilities as related to overall system and services acquisition requirements. | 1.0 |
Addresses the requirement for an organization to account for which subscriber had control of the private key for a group PKI certificate at a given time. | 1.0 |
Addresses requirements for ensuring control of the private keys for group PKI certificates. | 1.0 |
Addresses requirements for an organization to maintain a list of subscribers who have access to use of the private key for group PKI certificates. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for initial authenticator content as related to overall identification and authentication requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for initial basic security awareness training as related to overall awareness and training requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for initial contingency planning training as related to overall contingency planning requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for initial incident response training as related to overall incident response requirements. | 1.0 |
Addresses the requirement for organizations to require subscribers to go through the initial registration process after a certificate has been revoked. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for initial role-based security training as related to overall awareness and training requirements. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization restricts information input to any connection to services processing sensitive information to only authorized personnel. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization implements an insider threat program. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's insider threat program includes a cross-discipline insider threat incident handling team. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization establishes an integrated team of forensic/malicious code analysts, tool developers, and real-time operations personnel. | 1.0 |
Specifies that a health care-related organization must have policies to protect electronic protected health information from improper alteration or destruction and must have policies for electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner. | 1.0 |
Specifies that a health care-related organization must implement procedures to protect electronic protected health information from improper alteration or destruction and must implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for interconnection security agreements as related to overall certification, accreditation and security assessment requirements. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system performs security compliance checks on constituent system components prior to the establishment of the internal connection. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization physically separates Internet-facing virtual machines (web servers, portal servers, etc.) from virtual machines that process sensitive information internally. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization separates Internet-facing virtual machines with virtual firewalls. | 1.0 |
This Trustmark Definition addresses organizational requirements to monitor intrusion alarms and surveillance equipment. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for inventory of physical access devices as related to overall physical and environmental protection requirements. | 1.0 |
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 38(1). | 1.0 |
Specifies requirements in accordance with the security and privacy controls specified by ISO/IEC Publication 27001:2022, related to acceptable use of information and other associated assets. | 2022 |