Trustmark Definition Name | Version |
---|---|
Addresses the requirement to document training awareness plans for significant changes to PKI operations. | 1.0 |
Addresses the requirement for a trusted agent of the issuer to perform biometric 1:1 matching for resetting PKI private key activation data. | 1.0 |
Addresses the requirement that individuals may only assume one of the Officer, Administrator, and Auditor roles. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for plan of action and milestones development as related to overall certification accreditation and security assessments requirements. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization implements a process for ensuring that plans of action and milestones for the security program and associated organizational information systems are reported in accordance with U.S. Office of Management and Budget (OMB) Federal Information Security Modernization Act (FISMA) reporting requirements. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization implements a process for ensuring that plans of action and milestones for the security program and associated organizational information systems document the remedial information security actions to adequately respond to risk to individuals. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization implements a process for ensuring that plans of action and milestones for the security program and associated organizational information systems document the remedial information security actions to adequately respond to risk to organizational assets. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization implements a process for ensuring that plans of action and milestones for the security program and associated organizational information systems document the remedial information security actions to adequately respond to risk to organizational operations. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization implements a process for ensuring that plans of action and milestones for the security program and associated organizational information systems document the remedial information security actions to adequately respond to risk to other organizations. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization implements a process for ensuring that plans of action and milestones for the security program and associated organizational information systems document the remedial information security actions to adequately respond to risk to the Nation. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization reviews plans of action and milestones for consistency with the organizational risk management strategy and organization-wide priorities for risk response actions. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization reviews plans of action and milestones for consistency with the organizational risk management strategy and organization-wide priorities for risk response actions. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization implements a process for ensuring that plans of action and milestones for the security program and associated organizational information systems are developed. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization implements a process for ensuring that plans of action and milestones for the security program and associated organizational information systems are maintained. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs automated mechanisms to help ensure that the plan of action and milestones for the information system is accurate, up to date, and readily available. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system includes: organization-defined platform-independent applications. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization has developed policies based on state and local privacy rules for handling PII extracted from sensitive information. | 1.0 |
Specifies that a health care related organization must implement reasonable and appropriate policies and procedures to comply with the standards, implementation specifications, or other requirements of this subpart (Section 164.300-399), taking into account the organization's size, complexity, capabilities, the costs and risks associated with security, and other factors. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization physically disables or removes organization-defined connection ports or input/output devices on organization-defined information systems or information system components. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs personal firewalls on portable devices. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization protects power equipment and power cabling for the information system from damage and destruction. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs automatic voltage controls for organization-defined critical information system components. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs redundant power cabling paths that are physically separated by organization-defined distance. | 1.0 |
Addresses the requirement for OCSP responders that generate signatures on OCSP responses to only provide pre-produced signed responses using SHA-1. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization determines mean time to failure (MTTF) for organization-defined information system components in specific environments of operation. | 1.0 |