| Trustmark Definition Name | Version |
|---|---|
| Addresses the requirement for the latency of PKI certificate status information distributed on-line by organization PKI certificate authorities (CAs) to meet or exceed the requirements for CRL issuance stated in the corresponding certificate policy. | 1.0 |
| Addresses the requirement for the latency of PKI certificate status information distributed on-line by organization delegated status responders to meet or exceed the requirements for CRL issuance stated in the corresponding certificate policy. | 1.0 |
| Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 5(1)(a). | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization employs a deny-all, permit-by-exception policy to allow the execution of authorized software programs on the information system. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization identifies software programs authorized to execute on the information system. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization regularly reviews and updates the list of authorized software programs. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization reviews the information system to identify unnecessary and/or nonsecure functions. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization reviews the information system to identify unnecessary and/or nonsecure ports. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization reviews the information system to identify unnecessary and/or nonsecure protocols. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization reviews the information system to identify unnecessary and/or nonsecure services. | 1.0 |
| Defines conformance and assessment criteria for verifying that an information system prevents program execution in accordance with organization-defined policies and rules. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization ensures compliance with organization-defined registration requirements for functions, ports, protocols, and services. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization employs an allow-all, deny-by-exception policy to prohibit the execution of unauthorized software programs on the information system. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization identifies software programs not authorized to execute on the information system. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization regularly reviews and updates the list of unauthorized software programs. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization disables functions within the information system deemed to be unnecessary and/or nonsecure. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization disables ports within the information system deemed to be unnecessary and/or nonsecure. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization disables protocols within the information system deemed to be unnecessary and/or nonsecure. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization disables services within the information system deemed to be unnecessary and/or nonsecure. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization employs the principle of least privilege. | 1.0 |
| Defines conformance and assessment criteria for verifying that an information system prevents organization-defined software from executing at higher privilege levels than users executing the software. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization prohibits privileged access to the information system by non-organizational users. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization reassigns or removes privileges, if necessary, to correctly reflect organizational mission/business needs. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization reviews the privileges assigned to organization-defined roles or classes of users to validate the need for such privileges at an organization-defined frequency. | 1.0 |
| Defines conformance and assessment criteria for verifying that an information system provides separate processing domains to enable finer-grained allocation of user privileges. | 1.0 |