Trustmark Definition Name | Version |
---|---|
Defines conformance and assessment criteria for verifying that an organization implements a process for ensuring that plans of action and milestones for the security program and associated organizational information systems are reported in accordance with U.S. Office of Management and Budget (OMB) Federal Information Security Modernization Act (FISMA) reporting requirements. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization implements a process for ensuring that plans of action and milestones for the security program and associated organizational information systems document the remedial information security actions to adequately respond to risk to individuals. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization implements a process for ensuring that plans of action and milestones for the security program and associated organizational information systems document the remedial information security actions to adequately respond to risk to organizational assets. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization implements a process for ensuring that plans of action and milestones for the security program and associated organizational information systems document the remedial information security actions to adequately respond to risk to organizational operations. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization implements a process for ensuring that plans of action and milestones for the security program and associated organizational information systems document the remedial information security actions to adequately respond to risk to other organizations. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization implements a process for ensuring that plans of action and milestones for the security program and associated organizational information systems document the remedial information security actions to adequately respond to risk to the Nation. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization reviews plans of action and milestones for consistency with the organizational risk management strategy and organization-wide priorities for risk response actions. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization reviews plans of action and milestones for consistency with the organizational risk management strategy and organization-wide priorities for risk response actions. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization implements a process for ensuring that plans of action and milestones for the security program and associated organizational information systems are developed. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization implements a process for ensuring that plans of action and milestones for the security program and associated organizational information systems are maintained. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs automated mechanisms to help ensure that the plan of action and milestones for the information system is accurate, up to date, and readily available. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system includes organization-defined platform-independent applications. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization has developed policies based on state and local privacy rules for handling PII extracted from sensitive information. | 1.0 |
Specifies that a health care related organization must implement reasonable and appropriate policies and procedures to comply with the standards, implementation specifications, or other requirements of this subpart (Section 164.300-399), taking into account the organization's size, complexity, capabilities, the costs and risks associated with security, and other factors. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization physically disables or removes organization-defined connection ports or input/output devices on organization-defined information systems or information system components. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs personal firewalls on portable devices. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization protects power equipment and power cabling for the information system from damage and destruction. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs automatic voltage controls for organization-defined critical information system components. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs redundant power cabling paths that are physically separated by an organization-defined distance. | 1.0 |
Addresses the requirement that OCSP responders which generate signatures on OCSP responses provide only pre-produced signed responses when using SHA-1. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization determines mean time to failure (MTTF) for organization-defined information system components in specific environments of operation. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization provides substitute information system components and a means to exchange active and standby components according to organization-defined mean time to failure (MTTF) substitution criteria. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization, if information system component failures are detected, activates an organization-defined alarm and/or automatically shuts down the information system. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization provides real-time or near real-time organization-defined failover capability for the information system. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization manually initiates transfers between active and standby information system components at an organization-defined frequency if the mean time to failure exceeds an organization-defined time period. | 1.0 |