| Trustmark Definition Name | Version |
|---|---|
|
Defines conformance and assessment criteria for verifying that an organization's security perimeters defined, controlled and secured in a manner acceptable to an authorized approving party.
|
1.0 |
|
This Trustmark Definition addresses the requirement for organizations to enforce a mandatory access control policy.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization manually records system activities where automation is not used.
|
1.0 |
|
Addresses the requirement for organizations to require PKI certificate subscribers to re-establish their identity within an organization defined time period from the time of initial registration.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for media access as related to overall media protection requirements.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization ensures that the information system media downgrading process is commensurate with the security category and/or classification level of the information to be removed and the access authorizations of the potential recipients of the downgraded information.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization establishes an organization-defined information system media downgrading process that includes employing downgrading mechanisms with organization-defined strength and integrity.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization identifies organization-defined information system media requiring downgrading.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization downgrades identified information system media using its established process.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization downgrades information system media containing organization-defined Controlled U.S. Unclassified Information (CUI) prior to public release in accordance with applicable federal and organizational standards and policies.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization documents information system media downgrading actions.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization employs organization-defined tests of downgrading equipment and procedures to verify correct performance at an organization-defined frequency.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization downgrades information system media containing U.S. classified information prior to release to individuals without required access authorizations in accordance with National Security Agency (NSA) standards and policies.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization exempts organization-defined types of information system media from marking as long as the media remain within organization-defined controlled areas.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization marks information system media indicating the distribution limitations, handling caveats, and applicable security markings (if any) of the information.
|
1.0 |
|
This Trustmark Definition defines conformance and assessment criteria for compliance with minimum security requirements for documented media protection policy as related to overall media protection requirements.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for media sanitization mechanism strength as related to overall media protection requirements.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization enforces dual authorization for the sanitization of organization-defined information system media.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization tests sanitization equipment and procedures at an organization-defined frequency to verify that the intended sanitization is being achieved.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization applies nondestructive sanitization techniques to portable storage devices prior to connecting such devices to the information system under organization-defined circumstances.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization provides the capability to purge/wipe information from organization-defined information systems, system components, or devices either remotely or under the following conditions: organization-defined conditions.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization reviews, approves, tracks, documents, and verifies media sanitization and disposal actions.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an rganization physically controls and securely stores organization-defined types of digital and/or non-digital media within organization-defined controlled areas.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization protects information system media until the media are destroyed or sanitized using approved equipment, techniques, and procedures.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization employs automated mechanisms to restrict access to media storage areas and to audit access attempts and access granted.
|
1.0 |
