Trustmark Definitions (1726-1750 of 3493)

Trustmark Definition Name Version
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 6(1)(c).
1.0
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 6(1)(f).
1.0
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 82(2)-(3).
1.0
Specifies requirements in accordance with the DHS CISA Secure-by-Design Pledge, published by the U.S. Dept of Homeland Security (DHS) Cybersecurity and Infrastructure Agency (CISA). Requires an organization to use time-limited setup passwords that auto-disable after configuration completion, across all of its product and service offerings.
1.0
Addresses the requirement for a list of those holding the shared private key for a group PKI certificate to be provided to the applicable certificate authority.
1.0
Addresses the requirement for a list of those holding the shared private key for a group PKI certificate to be retained by the applicable certificate authority.
1.0
Defines conformance and assessment criteria for verifying that an organization ensures that systems' malicious code protection is kept current.
1.0
Defines conformance and assessment criteria for verifying that the organization has a local policy to validate a requestor of sensitive information as an authorized recipient before it is disseminated.
1.0
Addresses the requirement for the location of the facilities housing organization Certificate Authority (CA) equipment to be consistent with facilities used to house high value, sensitive information.
1.0
Defines conformance and assessment criteria for verifying that an organization positions information system components within the facility to minimize potential damage from defined physical and environmental hazards.
1.0
Defines conformance and assessment criteria for verifying that an organization positions information system components within the facility to minimize the opportunity for unauthorized access.
1.0
Defines conformance and assessment criteria for verifying that an organization plans the location or site of the facility where the information system resides with regard to physical and environmental hazards and for existing facilities, considers the physical and environmental hazards in its risk mitigation strategy.
1.0
Addresses the requirement for the responsibility of physical security checks of equipment to be logged.
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for logical separation of publicly accessible information system components as related to overall system and communications protection requirements.
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for login banner (generic) as related to overall access control requirements.
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for login banner (U.S. federal government) as related to overall access control requirements.
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for login banner acknowledgement as related to overall access control requirements.
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for login banner for publicly accessible systems as related to overall access control requirements.
1.0
Specifies requirements in accordance with the DHS CISA Secure-by-Design Pledge, published by the U.S. Dept of Homeland Security (DHS) Cybersecurity and Infrastructure Agency (CISA). Requires an organization to implement a machine-readable vulnerability disclosure policy (VDP), e.g., in a 'security.txt' file, for accessibility by vulnerability researchers.
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for maintenance of list for authorized physical access as related to overall physical and environmental protection requirements.
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for maintenance of physical access logs as related to overall physical and environmental protection requirements.
1.0
Addresses the requirement for the state of PKI hardware modules to be maintained until subscribers accept possession.
1.0
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 30(1).
1.0
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 30(2).
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for maintenance of visitor access records as related to overall physical and environmental protection requirements.
1.0