Trustmark Definition Name | Version |
---|---|
Defines conformance and assessment criteria for verifying that an organization ensures that the sanitization or destruction of media is witnessed or carried out by authorized personnel. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for sanitization of equipment to be removed for maintenance as related to overall maintenance requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for sanitization of media prior to disposal as related to overall media protection requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for sanitization of media prior to release out of organizational control as related to overall media protection requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for sanitization of media prior to reuse as related to overall media protection requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for scheduling of system maintenance as related to overall maintenance requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for screening of individuals prior to authorizing access as related to overall personnel security requirements. | 1.0 |
Addresses the requirement for the secure delivery of PKI public keys to certificate authorities. | 1.0 |
Addresses the requirement for secure delivery of PKI subscriber identities to certificate authorities for certificate issuance. | 1.0 |
Addresses the requirement for secure delivery of PKI keys to subscribers. | 1.0 |
Addresses the requirement for the secure distribution of self-signed PKI certificates. | 1.0 |
Addresses the requirement for a PKI Certificate Authority to securely distribute its signature key pair when updated. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system provides data origin and integrity protection artifacts for internal name/address resolution queries. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for secure name and address resolution - architecture as related to overall system and communications protection requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for secure name and address resolution - data origin and integrity verification as related to overall system and communications protection requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for secure name and address resolution - fault tolerance as related to overall system and communications protection requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for secure name and address resolution - recursive or caching resolver as related to overall system and communications protection requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for secure name and address resolution - security status of child zones as related to overall system and communications protection requirements. | 1.0 |
Specifies requirements in accordance with the DHS CISA Secure-by-Design Pledge, published by the U.S. Dept of Homeland Security (DHS) Cybersecurity and Infrastructure Agency (CISA). Requires an organization to provide its product developers with secure-by-default libraries and functions that eliminate common classes of vulnerabilities. | 1.0 |
Defines privacy requirements related to administrative safeguards for confidentiality of sensitive information. | 1.0 |
Defines privacy requirements related to providing safeguards to ensure only authorized access to sensitive information. | 1.0 |
Credential Service Providers must comply with security controls of NIST 800-53 for high impact systems or equivalent. | 1.0 |
Credential Service Providers must comply with security controls of NIST 800-53 for low impact systems or equivalent. | 1.0 |
Credential Service Providers must comply with security controls of NIST 800-53 for moderate impact systems or equivalent. | 1.0 |
Defines privacy requirements for organizations to apply security measures to all potential storage of sensitive information. | 1.0 |