| Trustmark Definition Name | Version |
|---|---|
|
Defines conformance and assessment criteria for verifying that an organization prevents the unauthorized removal of maintenance equipment containing organizational information by retaining the equipment within the facility.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization prevents the unauthorized removal of maintenance equipment containing organizational information by verifying that there is no organizational information contained on the equipment.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an information system restricts the use of maintenance tools to authorized personnel only.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for malicious code protection - employed at information system entry points as related to overall system and information integrity requirements.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for malicious code protection - handling of false positives as related to overall system and information integrity requirements.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for malicious code protection - periodic scans as related to overall system and information integrity requirements.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for malicious code protection - real-time scans as related to overall system and information integrity requirements.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for malicious code protection - updates as related to overall system and information integrity requirements.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization employs virus protection mechanisms to detect and eradicate malicious code (e.g., viruses, worms, Trojan horses) on all computing devices on the network.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization employs virus protection mechanisms at critical points throughout the network.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization employs virus protection mechanisms to detect and eradicate malicious code (e.g., viruses, worms, Trojan horses) on all servers.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization employs virus protection mechanisms to detect and eradicate malicious code (e.g., viruses, worms, Trojan horses) on all workstations.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for malicious code protection employed at information system exit points as related to overall system and information integrity requirements.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization ensures that malicious code protection is enabled on all systems and devices where it is installed,.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an information system implements organization-defined security safeguards to authenticate organization-defined remote commands.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an information system automatically updates malicious code protection mechanisms.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization centrally manages malicious code protection mechanisms.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an information system detects organization-defined unauthorized operating system commands through the kernel application programming interface at organization-defined information system hardware components and issues a warning; audits the command execution; and/or prevents the execution of the command.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization incorporates the results from malicious code analysis into organizational incident response and flaw remediation processes.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization employs organization-defined tools and techniques to analyze the characteristics and behavior of malicious code.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an information system implements nonsignature-based malicious code detection mechanisms.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization tests malicious code protection mechanisms at an organization-defined frequency by introducing a known benign, non-spreading test case into the information system.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an information system updates malicious code protection mechanisms only when directed by a privileged user.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization verifies that both detection of test cases of malicious code protection mechanisms and associated incident reporting occur.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for management of information system external interfaces as related to overall system and communications protection requirements.
|
1.0 |
