Trustmark Definition Name | Version |
---|---|
Defines conformance and assessment criteria for compliance with minimum security requirements for out of cycle role-based security training as related to overall awareness and training requirements. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs organization-defined out-of-band channels for the physical delivery or electronic transmission of organization-defined information, information system components, or devices to organization-defined individuals or information systems. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs organization-defined security safeguards to ensure that only organization-defined individuals or information systems receive the organization-defined information, information system components, or devices. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for oversight of external information system services as related to overall system and services acquisition requirements. | 1.0 |
Addresses quality checking for key generation parameters for use with PKI | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's information exchange agreements are supported by documentation committing both parties to the terms of information exchange. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization prohibits users from using the same password or PIN in the same logon sequence. | 1.0 |
Addresses the requirement for changing activation passwords when PKI certificate authority signing keys are re-keyed. | 1.0 |
This Trustmark Definition enables organizations to be assessed and demonstrate that passwords are not used as activation data for their PKI Certificate Authority signing keys. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization conducts penetration testing on organization-defined information systems or system components. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs an independent penetration agent or penetration team to perform penetration testing on the information system or system components. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs red team exercises to simulate attempts by adversaries to compromise organizational information systems in accordance with organization-defined rules of engagement. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for performance of system maintenance as related to overall maintenance requirements. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization prominently posts the perimeter of secure locations and separates them from non-secure locations by physical controls. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for periodic basic security awareness training as related to overall awareness and training requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for periodic contingency planning training as related to overall contingency planning requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for periodic incident response training as related to overall incident response requirements. | 1.0 |
Specifies that a health care related organization must perform a periodic nontechnical evaluation that establishes the extent to which the organization's security policies meet requirements. | 1.0 |
Specifies that a health care related organization must perform a periodic nontechnical evaluation that establishes the extent to which the organization's implemented security procedures meet requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for periodic review and update of interconnection security agreements as related to overall certification accreditation and security assessments requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for periodic review of incident response plan as related to overall incident response requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for periodic review of list authorized for physical access as related to overall physical and environmental protection requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for periodic review of physical access logs as related to overall physical and environmental protection requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for periodic review of visitor access records as related to overall physical and environmental protection requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for periodic role-based security training as related to overall awareness and training requirements. | 1.0 |