| Trustmark Definition Name | Version |
|---|---|
|
Defines conformance and assessment criteria for compliance with minimum security requirements for malicious code protection - updates as related to overall system and information integrity requirements.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization employs virus protection mechanisms to detect and eradicate malicious code (e.g., viruses, worms, Trojan horses) on all computing devices on the network.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization employs virus protection mechanisms at critical points throughout the network.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization employs virus protection mechanisms to detect and eradicate malicious code (e.g., viruses, worms, Trojan horses) on all servers.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization employs virus protection mechanisms to detect and eradicate malicious code (e.g., viruses, worms, Trojan horses) on all workstations.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for malicious code protection employed at information system exit points as related to overall system and information integrity requirements.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization ensures that malicious code protection is enabled on all systems and devices where it is installed,.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an information system implements organization-defined security safeguards to authenticate organization-defined remote commands.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an information system automatically updates malicious code protection mechanisms.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization centrally manages malicious code protection mechanisms.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an information system detects organization-defined unauthorized operating system commands through the kernel application programming interface at organization-defined information system hardware components and issues a warning; audits the command execution; and/or prevents the execution of the command.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization incorporates the results from malicious code analysis into organizational incident response and flaw remediation processes.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization employs organization-defined tools and techniques to analyze the characteristics and behavior of malicious code.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an information system implements nonsignature-based malicious code detection mechanisms.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization tests malicious code protection mechanisms at an organization-defined frequency by introducing a known benign, non-spreading test case into the information system.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an information system updates malicious code protection mechanisms only when directed by a privileged user.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization verifies that both detection of test cases of malicious code protection mechanisms and associated incident reporting occur.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for management of information system external interfaces as related to overall system and communications protection requirements.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization's security perimeters defined, controlled and secured in a manner acceptable to an authorized approving party.
|
1.0 |
|
This Trustmark Definition addresses the requirement for organizations to enforce a mandatory access control policy.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization manually records system activities where automation is not used.
|
1.0 |
|
Addresses the requirement for organizations to require PKI certificate subscribers to re-establish their identity within an organization defined time period from the time of initial registration.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for media access as related to overall media protection requirements.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization ensures that the information system media downgrading process is commensurate with the security category and/or classification level of the information to be removed and the access authorizations of the potential recipients of the downgraded information.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization establishes an organization-defined information system media downgrading process that includes employing downgrading mechanisms with organization-defined strength and integrity.
|
1.0 |
