Trustmark Definition Name | Version |
---|---|
Defines conformance and assessment criteria for verifying that an organization requests Telecommunications Service Priority for all telecommunications services used for national security emergency preparedness in the event that the primary and/or alternate telecommunications services are provided by a common carrier. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization establishes alternate telecommunications services including necessary agreements to permit the resumption of information system operations for essential missions and business functions when primary telecommunications capabilities are unavailable. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization assesses as feasible, the effectiveness of security controls at alternate work sites. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization provides a means for employees to communicate with information security personnel in case of security incidents or problems. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs [Assignment: organization-defined security controls] at alternate work sites. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs alternative or supplemental security mechanisms for satisfying security functions when the primary means of implementing the security function is unavailable or compromised. | 1.0 |
Specifies that a covered entity must have policies and procedures to permit an individual to request that a covered entity amend, in a timely manner, protected health information or a record about the individual, subject to certain restrictions and limitations. | 1.0 |
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice RV.3: Analysis of Vulnerabilities to Identify Their Root Causes. Requires an organization to help reduce the frequency of vulnerabilities in the future. | 1.1 |
Defines conformance and assessment criteria for compliance with minimum security requirements for analysis of vulnerability scan reports as related to overall risk assessment requirements. | 1.0 |
Addresses the requirement for annual PKI compliance audits. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization physically or logically separates user interface services from information storage and management services. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system separates user functionality (including user interface services) from information system management functionality. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system prevents the presentation of information system management-related functionality at an interface for non-privileged users. | 1.0 |
Addresses the requirement that only applications related to the operation of a PKI Certificate Authority are installed. | 1.0 |
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 27(1). | 1.0 |
Specifies that a covered entity must have in place appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information by limiting disclosure to required or permitted uses. | 1.0 |
Specifies that a covered entity must have in place appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information by preventing disclosure that is in violation of regulations. | 1.0 |
Specifies that a covered entity must have and apply appropriate sanctions against members of its workforce who fail to comply with the privacy policies and procedures. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for approval of non-local maintenance as related to overall maintenance requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for approval of system maintenance activities as related to overall maintenance requirements. | 1.0 |
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice PS.3: Archival and Protection of Each Software Release. Requires an organization to preserve software releases in order to help identify, analyze, and eliminate vulnerabilities discovered in the software after release. | 1.1 |
Defines conformance and assessment criteria for compliance with minimum security requirements for assessment of security controls as related to overall certification, accreditation, and security assessments requirements. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization carefully assesses the inventory of components that compose its information systems to determine applicable security controls. | 1.0 |
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice RV.2: Assessment, Prioritization, and Remediation of Vulnerabilities. Requires an organization to help ensure that vulnerabilities are remediated in accordance with risk to reduce the window of opportunity for attackers. | 1.1 |
Defines conformance and assessment criteria for verifying that an organization employs organization-defined asset location technologies to track and monitor the location and movement of organization-defined assets within organization-defined controlled areas. | 1.0 |