Trustmark Definitions (2701-2725 of 3493)

Trustmark Definition Name Version
Defines conformance and assessment criteria for verifying that an organization implements a process for ensuring that organizational plans for conducting security monitoring activities associated with organizational information systems continue to be executed in a timely manner.
1.0
Defines conformance and assessment criteria for verifying that an organization implements a process for ensuring that organizational plans for conducting security testing associated with organizational information systems continue to be executed in a timely manner.
1.0
Defines conformance and assessment criteria for verifying that an organization implements a process for ensuring that organizational plans for conducting security training associated with organizational information systems continue to be executed in a timely manner.
1.0
Specifies that a covered entity must provide a process for individuals to make complaints concerning the covered entity's policies and procedures.
1.0
Addresses requirements for process information depending upon the certificate level of assurance.
1.0
Defines conformance and assessment criteria for verifying that an information system implements underlying hardware separation mechanisms to facilitate process separation.
1.0
Defines conformance and assessment criteria for verifying that an information system maintains a separate execution domain for each thread in organization-defined multi-threaded processing.
1.0
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 10.
1.0
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 28(3)(a).
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for production of a security assessment report, as related to overall certification, accreditation, and security assessment requirements.
1.0
Defines conformance and assessment criteria for verifying that an information system prevents non-privileged users from executing privileged functions.
1.0
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 22(1).
1.0
Specifies requirements in accordance with the DHS CISA Secure-by-Design Pledge, published by the U.S. Dept of Homeland Security (DHS) Cybersecurity and Infrastructure Agency (CISA). Requires an organization to issue common vulnerability and exposure (CVE) notices promptly for all critical/high-impact vulnerabilities requiring customer action or under active exploitation, for all of its product and service offerings.
1.0
Addresses requirements for a party named in a PKI certificate that generates its own keys to prove possession of the private key that corresponds to the public key in the certificate request.
1.0
Addresses the requirement for organization PKI certificate authorities (CAs) to require that proof of all subject information changes be provided to a designated agent before a modified certificate is issued.
1.0
Addresses the requirement for organization PKI certificate authorities (CAs) to require that proof of all subject information changes be provided to a registration authority before a modified certificate is issued.
1.0
Addresses the requirement for organization PKI certificate authorities (CAs) to verify proof of all subject information changes before a modified certificate is issued.
1.0
Addresses the requirement for the last person who departs the facility to initial a sign-out sheet asserting that all necessary physical protection mechanisms are in place and activated.
1.0
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice PS.1: Protection of All Forms of Code from Unauthorized Access and Tampering. Requires an organization to help prevent unauthorized changes to code, both inadvertent and intentional, which could circumvent or negate the intended security characteristics of the software. For code that is not intended to be publicly accessible, this helps prevent theft of the software and may make it more difficult or time-consuming for attackers to find vulnerabilities in the software.
1.1
Defines conformance and assessment criteria for compliance with minimum security requirements for protection of audit information as related to overall audit and accountability requirements.
1.0
Defines conformance and assessment criteria for verifying that an information system implements cryptographic mechanisms to protect the integrity of audit tools.
1.0
Defines conformance and assessment criteria for verifying that an information system backs up audit records at an organization-defined frequency onto a physically different system or system component than the system or component being audited.
1.0
Defines conformance and assessment criteria for verifying that an information system implements cryptographic mechanisms to protect the integrity of audit information and audit tools.
1.0
Defines conformance and assessment criteria for verifying that an information system implements cryptographic mechanisms to protect the integrity of audit information.
1.0
Defines conformance and assessment criteria for verifying that an organization enforces dual authorization for movement and/or deletion of organization-defined audit information.
1.0