| Trustmark Definition Name | Version |
|---|---|
|
Defines conformance and assessment criteria for verifying that an organization requires all mobile devices to be patched prior to accessing CJI.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization's Mobile Device Management (MDM) solution provides the ability to set and lock the configuration of devices.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization preclude devices that have had any unauthorized changes made to them from being used to to process, store, or transmit sensitive information.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for mobile device usage restrictions as related to overall access control requirements.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization requires that mobile devices functioning as a wireless access point are configured in accordance with all requirements applicable to the organization's other wireless access points.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization requires that mobile devices functioning as a wireless access point are configured to only allow connections from devices authorized by the organization.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization has a documented process to approve the use of specific software or applications on smartphones and tablets that access sensitive information.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization monitors mobile devices not capable of providing required audit and accountability on their own accord.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization immediately wipes the contents of organization controlled smartphones and tablets authorized to access sensitive information when they are lost or stolen.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization's incident response reporting and handling procedures address scenarios involving mobile devices.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization's incident response reporting and handling procedures address the compromise of mobile devices.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization's incident response reporting and handling procedures address the loss or compromise of mobile devices outside of the United States.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization's incident response reporting and handling procedures address scenarios the loss of control of mobile devices.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization's incident response reporting and handling procedures address scenarios the total loss of mobile devices.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization has the ability to determine the location of organization controlled smartphones and tablets when lost or stolen.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization monitors mobile devices not capable of an always-on cellular connection to ensure their patch and update state is current.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization ensures that stored certificates used to authenticate a mobile device are protected against being extracted from the device.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization ensures that stored cryptographic keys used to authenticate a mobile device are protected against being extracted from the device.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization ensures that stored certificates used to authenticate a mobile device are configured for remote wipe on demand.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization ensures that stored certificates used to authenticate a mobile device are configured for self-deletion based on a number of unsuccessful login or access attempts.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization ensures that stored cryptographic Keys used to authenticate a mobile device are configured for remote wipe on demand.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization ensures that stored cryptographic Keys used to authenticate a mobile device are configured for self-deletion based on a number of unsuccessful login or access attempts.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization configures mobile devices to use use a secure authenticator (i.e. password, PIN) to unlock stored certificates used to authenticate the device.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization configures mobile devices to use use a secure authenticator (i.e. password, PIN) to unlock stored cryptographic keys used to authenticate the device.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for monitoring and control of configuration settings as related to overall configuration management requirements.
|
1.0 |
