Trustmark Definition Name | Version |
---|---|
Defines conformance and assessment criteria for verifying that an organization monitors organization-defined open source information and/or information sites at an organization-defined frequency for evidence of unauthorized disclosure of organizational information. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization reviews the open source information sites being monitored at an organization-defined frequency. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs automated mechanisms to determine if organizational information has been disclosed in an unauthorized manner. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for monitoring of external provider security compliance as related to overall system and services acquisition requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for monitoring of individuals' basic security awareness training as related to overall awareness and training requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for monitoring of individuals' specific information system security training as related to overall awareness and training requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for monitoring of information system external boundary as related to overall system and communications protection requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for monitoring of information system internal boundaries as related to overall system and communications protection requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for monitoring of software installation policy compliance as related to overall configuration management requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for monitoring of system maintenance activity as related to overall maintenance requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for monitoring of visitor activity as related to overall physical and environmental protection requirements. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs automated mechanisms to recognize organization-defined classes/types of intrusions and initiate organization-defined response actions. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization monitors physical access to the information system in addition to the physical access monitoring of the facility as [Assignment: organization-defined physical spaces containing one or more components of the information system]. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs video surveillance of organization-defined operational areas and retains video recordings for organization-defined time period. | 1.0 |
Addresses the requirement for multi-person control of organization CA private signature key backups. | 1.0 |
Addresses backup handling for keys used with PKI. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for multifactor authentication for network access to privileged accounts as related to overall identification and authentication requirements. | 1.0 |
Addresses the requirement for multiparty control for CA key pair generation for an organization's PKI certificate authorities. | 1.0 |
Addresses requirements for names used in PKI certificates to identify the person or object to which they are assigned. | 1.0 |
Defines conformance and assessment criteria for verifying that NCIC and III transaction logs include appropriate content. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization maintains a log of all NCIC and III transactions for a minimum of one (1) year. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization authorizes network access to privileged commands. | 1.0 |
Addresses the requirement that only network connections related to the operation of a PKI Certificate Authority are installed. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system terminates the network connection associated with a communications session at the end of the session. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system terminates the network connection associated with a communications session after an organization-defined time period of inactivity. | 1.0 |