| Trustmark Definition Name | Version |
|---|---|
|
Addresses the requirement for human sponsors of devices named as PKI certificate subjects to provide the devices' equipment authorizations if they are to be included in the certificate.
|
1.0 |
|
Addresses the requirement for human sponsors of devices named as PKI certificate subjects to provide equipment identification information (e.g., serial number).
|
1.0 |
|
Addresses the requirement for human sponsors of devices named as PKI certificate subjects to provide the devices' public keys.
|
1.0 |
|
Addresses the requirement for human sponsors of devices named as PKI certificate subjects to provide service name information (e.g., DNS name).
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization implements spyware protection.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization employs spyware protection at mobile computing devices on the network.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization employs spyware protection at servers on the network.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization employs spyware protection at workstations on the network.
|
1.0 |
|
Addresses requirements for establishing that an organization requires a State Government-issued Picture I.D. for the purpose of identity proofing.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that the State appointed a Compact Officer pursuant to the National Crime Prevention and Privacy Compact.
|
1.0 |
|
Addresses the requirement to review the authorization status of devices named as the subject of a PKI certificate when their human sponsor is changed.
|
1.0 |
|
Addresses the requirement for activation data used to unlock Organization CA private keys to have an appropriate level of strength for the keys or data to be protected.
|
1.0 |
|
Addresses the requirement for activation data used to unlock subscriber private keys to have an appropriate level of strength for the keys or data to be protected.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for strong authenticators for non-local maintenance sessions as related to overall maintenance requirements.
|
1.0 |
|
Addresses the requirement for the subjectName DN of a group PKI certificate to not imply that the subject is a single individual, e.g. by inclusion of a human name form.
|
1.0 |
|
Addresses the requirement for subscriber acknowledgement of delivery of private keys.
|
1.0 |
|
This Trustmark Definition defines conformance and assessment criteria for compliance for PKI administrators to not issue subscriber certificates.
|
1.0 |
|
Addresses the requirements for determining that an organization permits PKI certificate subscribers to use their current signature key to identify themselves for re-keying their certificates.
|
1.0 |
|
Addresses the requirement for subscribers of of organization PKI certificate authorities to identify themselves for the purpose of re-keying.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for supervision of maintenance personnel as related to overall maintenance requirements.
|
1.0 |
|
This Trustmark Definition addresses organizational requirements to protect against supply chain threats for information systems.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization employs organization-defined tailored acquisition strategies, contract tools, and procurement methods for the purchase of the information system, system component, or information system service from suppliers.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization conducts an assessment of the information system, system component, or information system service prior to selection, acceptance, or update.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization employs organization-defined security safeguards to ensure an adequate supply of organization-defined critical information system components.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization establishes and retains unique identification of organization-defined supply chain elements, processes, and actors for the information system, system component, or information system service.
|
1.0 |
