| Trustmark Definition | Version |
|---|---|
| Specifies requirements in accordance with the DHS CISA Secure-by-Design Pledge, published by the U.S. Dept. of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Requires an organization to publicly document its common vulnerability and exposure (CVE) issuance policies and also encourage CVE filing for lower-severity vulnerabilities. | 1.0 |
| Specifies requirements in accordance with the DHS CISA Secure-by-Design Pledge, published by the U.S. Dept. of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Requires an organization to publish root-cause analyses of common vulnerabilities and exposures (CVEs), across all of its product and service offerings. | 1.0 |
| Specifies requirements in accordance with the DHS CISA Secure-by-Design Pledge, published by the U.S. Dept. of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Requires an organization to periodically publish statistics on its products that are still using default passwords, as well as the progress of customer efforts to migrate away from default passwords. | 1.0 |
| Specifies requirements in accordance with the DHS CISA Secure-by-Design Pledge, published by the U.S. Dept. of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Requires an organization to periodically publish aggregate statistics on the adoption of multi-factor authentication (MFA) within its products and services, categorized by user type and MFA method. | 1.0 |
| Specifies requirements in accordance with the DHS CISA Secure-by-Design Pledge, published by the U.S. Dept. of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Requires an organization to publish patch adoption rates by product version over time, across all of its product and service offerings. | 1.0 |
| Specifies requirements in accordance with the DHS CISA Secure-by-Design Pledge, published by the U.S. Dept. of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Requires an organization to publish monitoring guidance for products that lack a cybersecurity incident logging capability, across all of its product and service offerings. | 1.0 |
| Specifies requirements in accordance with the DHS CISA Secure-by-Design Pledge, published by the U.S. Dept. of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Requires an organization to publish a vulnerability disclosure policy (VDP) that authorizes public testing of its products and services and prohibits legal action against good-faith researchers who engage in such testing. | 1.0 |
| Defines conformance and assessment criteria for compliance with minimum security requirements for publicly accessible content (authorization to post to a public system) as related to overall access control requirements. | 1.0 |
| Defines conformance and assessment criteria for compliance with minimum security requirements for publicly accessible content (review of posted content) as related to overall access control requirements. | 1.0 |
| Defines conformance and assessment criteria for compliance with minimum security requirements for publicly accessible content (review prior to public posting) as related to overall access control requirements. | 1.0 |
| Defines conformance and assessment criteria for compliance with minimum security requirements for publicly accessible content (training) as related to overall access control requirements. | 1.0 |
| Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 5(1)(b). | 1.0 |
| Specifies requirements in accordance with the DHS CISA Secure-by-Design Pledge, published by the U.S. Dept. of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Requires an organization to provide random, instance-unique initial passwords for each product installation, across all of its product and service offerings. | 1.0 |
| Defines conformance and assessment criteria for compliance with minimum security requirements for re-acknowledgement required for updated system rules of behavior as related to overall security planning requirements. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization requires users and devices to re-authenticate when organization-defined circumstances or situations occur. | 1.0 |
| Addresses the requirement for organization PKI certificate authorities (CAs) that support re-key to accept requests for certification of a new public key for currently cross-certified Organization Principal CAs from the PKI sponsors. | 1.0 |
| Addresses the requirement for organization PKI certificate authorities (CAs) that support re-key to accept requests for certification of a new public key for currently cross-certified Organization Principal CAs from the subject of the certificate. | 1.0 |
| Defines conformance and assessment criteria for compliance with minimum security requirements for re-screening of authorized individuals as related to overall personnel security requirements. | 1.0 |
| Defines conformance and assessment criteria for compliance with minimum security requirements for re-signing of updated or renewed access agreements as related to overall personnel security requirements. | 1.0 |
| Addresses requirements for establishing that an organization requires a REAL ID Act compliant picture ID for the purpose of identity proofing. | 1.0 |
| Specifies requirements in accordance with the DHS CISA Secure-by-Design Pledge, published by the U.S. Dept. of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Requires an organization to retain logs for a reasonable period (e.g., 6 months) at no extra cost for all of its cloud-based or Software-as-a-Service (SaaS) product and service offerings. | 1.0 |
| Addresses the requirements for data to be recorded for archive in accordance with assurance levels as outlined in the FBCA Certificate Policy. | 1.0 |
| Defines conformance and assessment criteria for compliance with minimum security requirements for records of non-local system maintenance as related to overall maintenance requirements. | 1.0 |
| Defines privacy requirements related to the ability of individuals to amend inaccurate sensitive information about themselves. | 1.0 |
| Defines privacy requirements related to providing reasons why a challenge of information held by the sensitive information controller was denied. | 1.0 |