Trustmark Definition Name | Version |
---|---|
Defines conformance and assessment criteria for compliance with minimum security requirements for authenticator default content as related to overall identification and authentication requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for authenticator distribution procedures as related to overall identification and authentication requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for authenticator distribution verification as related to overall identification and authentication requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for authenticator feedback as related to overall identification and authentication requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for authenticator lifetime as related to overall identification and authentication requirements. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs automated tools to determine if password authenticators are sufficiently strong to satisfy organization-defined requirements. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system, for biometric-based authentication, employs mechanisms that satisfy organization-defined biometric quality requirements. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization requires developers/installers of information system components to provide unique authenticators or change default authenticators prior to delivery/installation. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization coordinates with organization-defined external organizations for cross-organization management of credentials. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system dynamically provisions identities. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system prohibits the use of cached authenticators after organization-defined time period. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization uses only FICAM-approved path discovery and validation products and services. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization requires that the registration process to receive organization-defined types of and/or specific authenticators be conducted in person before a defined registration authority with authorization by organization-defined personnel or roles. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization, for PKI-based authentication, employs a deliberate organization-wide methodology for managing the content of PKI trust stores installed across all platforms including networks, operating systems, browsers, and applications. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization implements organization-defined security safeguards to manage the risk of compromise due to individuals having accounts on multiple information systems. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization ensures that unencrypted static authenticators are not embedded in applications or access scripts or stored on function keys. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system, for PKI-based authentication, implements a local cache of revocation data. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system, for PKI-based authentication, validates certifications by constructing and verifying a certification path to an accepted trust anchor including checking certificate status information. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system, for PKI-based authentication, enforces authorized access to the corresponding private key. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system, for PKI-based authentication, maps the authenticated identity to the account of the individual or group. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization protects authenticators commensurate with the security category of the information to which use of the authenticator permits access. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization requires that the registration process to receive organization-defined types of and/or specific authenticators be conducted by a trusted third party before organization-defined registration authority with authorization by organization-defined personnel or roles. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for authenticator protection as related to overall identification and authentication requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for authenticator refresh as related to overall identification and authentication requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for authenticator reuse conditions as related to overall identification and authentication requirements. | 1.0 |