Trustmark Definition Name | Version |
---|---|
Defines conformance and assessment criteria for verifying that an organization uses formal procedures to securely dispose of media when it is no longer required. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for physical security incident detection and response as related to overall physical and environmental protection requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for physical separation of publicly accessible information system components as related to overall system and communications protection requirements. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization has established minimum PIN complexity requirements. | 1.0 |
Addresses naming requirements for End Entity certificates issued for PIV-I cards. | 1.0 |
Addresses multi-party control requirements for the activation of PIV-I content signing keys. | 1.0 |
Addresses the requirement that, for PIV-I Hardware certificates (to be used for digital signatures and/or authentication) and PIV-I Card Authentication certificates, subscriber key generation be performed on hardware tokens that meet the requirements of FBCA CP Appendix A. | 1.0 |
Addresses the requirements for the expiration of PIV-I subscriber certificates. | 1.0 |
Addresses organizational requirements for PKI hardware to enforce separation of duties. | 1.0 |
Addresses the requirement for activation data to be transmitted via a protected channel. | 1.0 |
This Trustmark Definition defines conformance and assessment criteria for compliance with FBCA requirements for the Administrator Role. | 1.0 |
Addresses the requirement for affiliated organizations with respect to affiliation of subscribers to their organization. | 1.0 |
This Trustmark Definition defines conformance and assessment criteria for compliance with minimum security requirements for audit record retention as related to overall audit and accountability requirements. | 1.0 |
Addresses the requirement for organizations to submit a PKI compliance audit package to the FPKIPA on an annual basis. | 1.0 |
Addresses the requirement that the individual who removes audit logs from the Organization CA system be an official different from the individuals who, in combination, command the Organization CA signature key. | 1.0 |
This Trustmark Definition defines conformance and assessment criteria for compliance with FBCA requirements for the Auditor Role. | 1.0 |
Addresses the requirement for PKI auditors to demonstrate competence in the field of compliance audits. | 1.0 |
Addresses requirements to ensure independence and objectivity of PKI compliance auditors. | 1.0 |
Addresses the requirement for PKI Authorities to convey subscriber responsibilities to subscribers before they use their private keys. | 1.0 |
Addresses key usage bit settings for CA certificates issued by organization CAs. | 1.0 |
Addresses the requirement for organization PKI CA certificates to not include critical private extensions. | 1.0 |
This Trustmark Definition defines conformance and assessment criteria for compliance with minimum security requirements for reporting of suspected incidents as related to overall incident response requirements. | 1.0 |
Addresses the requirement for an organization's PKI certificate authorities (CAs) to publish certificate revocation lists (CRLs). | 1.0 |
This Trustmark Definition defines conformance and assessment criteria for compliance with minimum security requirements for control of physical ingress and egress as related to overall physical and environmental protection requirements. | 1.0 |
Addresses the requirement that organization PKI certificate authorities (CAs) either establish key rollover certificates as described above or obtain a new CA certificate for the new public key from the issuers of their current certificates. | 1.0 |