Trustmark Definition Name | Version |
---|---|
Defines conformance and assessment criteria for compliance with minimum security requirements for reporting of suspected security weaknesses as related to overall incident response requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for reporting of suspected security weaknesses as related to overall incident response requirements. | 1.1 |
Addresses the requirement for a request to revoke a certificate to explain the reason for revocation. | 1.0 |
Addresses the requirement for a request to revoke a PKI certificate to identify the certificate to be revoked. | 1.0 |
Addresses the requirement for requests to revoke a certificate to permit the request to be authenticated through a digital signature. | 1.0 |
Addresses the requirement for requests to revoke a certificate to permit the request to be authenticated through a manual signature. | 1.0 |
Addresses the requirement for two person control to be enforced. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system protects the availability of resources by allocating organization-defined resources by priority, quota, and/or organization-defined security safeguards. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system provides a warning when audit record storage is low. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system enforces configurable network communications traffic volume thresholds reflecting limits on auditing capacity and rejects or delays network traffic above those thresholds. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system provides an alert on audit failure events. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system invokes a full system shutdown, partial system shutdown, or degraded operational mode in the event of audit failures, unless an alternate audit capability exists. | 1.0 |
Addresses the requirement that a person shall be made explicitly responsible for making security checks. | 1.0 |
This Trustmark Definition defines conformance and assessment criteria for compliance with requirements for organizations to assign responsibility for their PKI Certificate Authority operations. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization restricts privileged accounts to identified personnel or roles. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization only permits the use of shared/group accounts that meet organization-defined conditions for establishing shared/group accounts. | 1.0 |
Specifies that a covered entity must have policies and procedures to not intimidate, threaten, coerce, discriminate against, or take other retaliatory action against any individual. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for retention of individual training records as related to overall awareness and training requirements. | 1.0 |
Addresses requirements for retention and protection of old PKI Certificate Authority private signing keys. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for review and update of access agreements as related to overall personnel security requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for review and update of identification and authentication policy as related to overall identification and authentication requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for review and update of identification and authentication procedures as related to overall identification and authentication requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for review and update of incident response policy as related to overall incident response requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for review and update of incident response procedures as related to overall incident response requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for review and update of media protection policy as related to overall media protection requirements. | 1.0 |