| Trustmark Definition Name | Version |
|---|---|
| Defines conformance and assessment criteria for verifying that an organization provides substitute information system components and a means to exchange active and standby components at organization-defined mean time to failure (MTTF) substitution criteria. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization, if information system component failures are detected, activates an organization-defined alarm and/or automatically shuts down the information system. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization provides real-time or near real-time organization-defined failover capability for the information system. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization manually initiates transfers between active and standby information system components at an organization-defined frequency if the mean time to failure exceeds an organization-defined time period. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization, if information system component failures are detected, ensures that the standby components are successfully and transparently installed within an organization-defined time period. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization takes information system components out of service by transferring component responsibilities to substitute components no later than an organization-defined fraction or percentage of mean time to failure. | 1.0 |
| Specifies requirements in accordance with the DHS CISA Secure-by-Design Pledge, published by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Requires an organization to enforce the use of parameterized database queries to prevent SQL injection attacks across all of its product and service offerings. | 1.0 |
| Defines conformance and assessment criteria for verifying that an information system notifies the user, upon successful logon (access) to the system, of the date and time of the last logon (access). | 1.0 |
| Defines conformance and assessment criteria for verifying that an information system notifies the user, upon successful logon (access), of additional organization-defined information along with the date and time of the last logon (access). | 1.0 |
| Defines conformance and assessment criteria for verifying that an information system notifies the user of changes to organization-defined security-related characteristics/parameters of the user's account during an organization-defined time period. | 1.0 |
| Defines conformance and assessment criteria for verifying that an information system notifies the user of the number of successful logons/accesses, unsuccessful logon/access attempts, or both during an organization-defined time period. | 1.0 |
| Defines conformance and assessment criteria for verifying that an information system notifies the user, upon successful logon/access, of the number of unsuccessful logon/access attempts since the last successful logon/access. | 1.0 |
| Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 36(1). | 1.0 |
| Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 35(9). | 1.0 |
| Defines privacy requirements for organizations to document the conditions and credentials by which access to and disclosure of records they retain will be provided within the center or in other organizations, and to document the level of audit trail kept of access to and disclosure of information they retain. | 1.0 |
| Defines privacy requirements for organizations to document the conditions and credentials by which access to and disclosure of records they retain will be provided within the organization. | 1.0 |
| Defines privacy requirements for an organization to have a privacy oversight committee or team. | 1.0 |
| Defines privacy requirements for an organization to have a privacy oversight committee or team that will develop its privacy policy. | 1.0 |
| Defines privacy requirements for an organization to have a privacy oversight committee or team that will routinely review its privacy policy. | 1.0 |
| Defines privacy requirements for an organization to have a privacy oversight committee or team that will routinely update its privacy policy. | 1.0 |
| Defines privacy requirements for an organization to have a designated Privacy Officer. | 1.0 |
| Defines privacy requirements for an organization to ensure that its designated Privacy Officer is trained. | 1.0 |
| Defines privacy requirements for organizations to review and update their privacy policy. | 1.0 |
| Defines privacy requirements for organizations to identify the individual who will ultimately be held accountable for the operation of the system and for any problems or errors related to the organization's privacy policy. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization retains the accounting of disclosures for the life of the record or five years after the disclosure is made, whichever is longer. | 1.0 |