| Trustmark Definition Name | Version |
|---|---|
|
Defines privacy requirements for organizations to explicitly state the default usage of sensitive information.
|
1.0 |
|
Defines privacy requirements related to the establishment of the identity of the data controller.
|
1.0 |
|
Defines privacy requirements related legal exemptions from the need to communicate privacy policies to individuals whose sensitive information is being collected.
|
1.0 |
|
Defines privacy requirements for organizations to avoid frequent modification of privacy policy statements.
|
1.0 |
|
Defines privacy requirements for organizations to avoid arbitrary modification of privacy policy statements.
|
1.0 |
|
Defines privacy requirements for organizations to have a policy of openness with respect policies related to sensitive information.
|
1.0 |
|
Defines privacy requirements related to openness and transparency of sensitive information policies.
|
1.0 |
|
Defines privacy requirements for organizations to have a policy of openness with respect practices related to sensitive information.
|
1.0 |
|
Defines privacy requirements related to openness and transparency of sensitive information handling procedures.
|
1.0 |
|
Defines privacy requirements related to the understandability of sensitive information handling procedures.
|
1.0 |
|
Defines privacy requirements related to the establishment of the usual residence of the data controller.
|
1.0 |
|
Defines privacy requirements for organizations to state how long individuals' sensitive information will be stored and used.
|
1.0 |
|
Defines privacy requirements related to the technologies used that affect individuals and-or their sensitive information.
|
1.0 |
|
Defines privacy requirements for organizations to explicitly state any plans to share information with other parties at the time of its collection.
|
1.0 |
|
Defines privacy requirements for organizations to explicitly state at the time of its collection all the ways that the information might be used.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization employs organization-defined operations security safeguards to protect key organizational information throughout the system development life cycle.
|
1.0 |
|
Addresses the requirement for all FIPS-approved signature algorithms to be considered acceptable.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that the organization permits the FBI to perform periodic penetration testing.
|
1.0 |
|
Addresses the requirement for organization certificate authorities to verify the source of certificate requests before issuance.
|
1.0 |
|
Addresses requirements for organization Certificate Authorities (CA's) to enforce name uniqueness.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization is eligible to access CJI per the requirements of the CJIS Security Policy.
|
1.0 |
|
Addresses the requirement for organizations seeking to cross-certify with the FBCA to fulfill the application requirements as specified in the U.S. Government Public Key Infrastructure Cross-Certification Criteria and Methodology.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization has not made any modifications to the CJIS Security Addendum.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an NCJA has signed and executed a management control agreement (MCA) with the CJA.
|
1.0 |
|
Addresses requirements for an organization's certificate authorities (CAs) to identify an authority responsible for name uniqueness in its PKI certificates.
|
1.0 |
