| Trustmark Definition Name | Version | 
|---|---|
| Defines conformance and assessment criteria for verifying that an information system writes audit trails to hardware-enforced, write-once media. | 1.0 | 
| Defines conformance and assessment criteria for verifying that an organization authorizes read-only access to audit information to an organization-defined subset of privileged users. | 1.0 | 
| Defines conformance and assessment criteria for compliance with minimum security requirements for protection of audit tools as related to overall audit and accountability requirements. | 1.0 | 
| Defines conformance and assessment criteria for compliance with minimum security requirements for protection of backup information as related to overall contingency planning requirements. | 1.0 | 
| Addresses the requirement that the strength of the security controls shall protect the device's hardware, software, and the cryptographic token and its activation data from compromise. | 1.0 | 
| Addresses the requirement for an organization to protect escrowed PKI keys at no less than the level of security in which they are generated, delivered, and/or protected by the subscriber. | 1.0 | 
| Defines conformance and assessment criteria for verifying that an information system protects the confidentiality of [Assignment: organization-defined information at rest]. | 1.0 | 
| Defines conformance and assessment criteria for verifying that an information system protects the integrity of [Assignment: organization-defined information at rest]. | 1.0 | 
| Defines conformance and assessment criteria for verifying that an information system implements cryptographic mechanisms to prevent unauthorized disclosure and modification of [Assignment: organization-defined information] on [Assignment: organization-defined information system components]. | 1.0 | 
| Defines conformance and assessment criteria for verifying that an organization removes from online storage and stores off-line in a secure location organization-defined information. | 1.0 | 
| Addresses the requirement for all copies of CA private signature keys to be protected in the same manner as the original. | 1.0 | 
| Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 15(3). | 1.0 | 
| Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 13(2). | 1.0 | 
| Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 14(2). | 1.0 | 
| Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 13(1). | 1.0 | 
| Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 14(1). | 1.0 | 
| Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 14(3). | 1.0 | 
| Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice PS.2: Provision of a Mechanism for Verifying Software Release Integrity. Requires an organization to help software acquirers ensure that the software they acquire is legitimate and has not been tampered with. | 1.1 | 
| Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 20(1). | 1.0 | 
| Addresses naming requirements for PKI certificates. | 1.0 | 
| Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 37(7). | 1.0 | 
| Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 6(1)(e). | 1.0 | 
| Defines conformance and assessment criteria for verifying that an organization issues public key certificates under an [Assignment: organization-defined certificate policy]. | 1.0 | 
| Defines conformance and assessment criteria for verifying that an organization obtains public key certificates from an approved service provider. | 1.0 | 
| Addresses the requirements for limiting the lifetime of public keys for PKI certificates used to sign code and content. | 1.0 | 
