| Trustmark Definition Name | Version |
|---|---|
| Defines conformance and assessment criteria for verifying that an organization, for PKI-based authentication, employs a deliberate organization-wide methodology for managing the content of PKI trust stores installed across all platforms including networks, operating systems, browsers, and applications. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization implements organization-defined security safeguards to manage the risk of compromise due to individuals having accounts on multiple information systems. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization ensures that unencrypted static authenticators are not embedded in applications or access scripts or stored on function keys. | 1.0 |
| Defines conformance and assessment criteria for verifying that an information system, for PKI-based authentication, implements a local cache of revocation data. | 1.0 |
| Defines conformance and assessment criteria for verifying that an information system, for PKI-based authentication, validates certifications by constructing and verifying a certification path to an accepted trust anchor, including checking certificate status information. | 1.0 |
| Defines conformance and assessment criteria for verifying that an information system, for PKI-based authentication, enforces authorized access to the corresponding private key. | 1.0 |
| Defines conformance and assessment criteria for verifying that an information system, for PKI-based authentication, maps the authenticated identity to the account of the individual or group. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization protects authenticators commensurate with the security category of the information to which use of the authenticator permits access. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization requires that the registration process to receive organization-defined types of and/or specific authenticators be conducted by a trusted third party before an organization-defined registration authority, with authorization by organization-defined personnel or roles. | 1.0 |
| Defines conformance and assessment criteria for compliance with minimum security requirements for authenticator protection as related to overall identification and authentication requirements. | 1.0 |
| Defines conformance and assessment criteria for compliance with minimum security requirements for authenticator refresh as related to overall identification and authentication requirements. | 1.0 |
| Defines conformance and assessment criteria for compliance with minimum security requirements for authenticator reuse conditions as related to overall identification and authentication requirements. | 1.0 |
| Defines conformance and assessment criteria for compliance with minimum security requirements for authenticator revocation as related to overall identification and authentication requirements. | 1.0 |
| Defines conformance and assessment criteria for compliance with minimum security requirements for authenticator strength as related to overall identification and authentication requirements. | 1.0 |
| Defines conformance and assessment criteria for compliance with minimum security requirements for authorization of identifiers as related to overall identification and authentication requirements. | 1.0 |
| Defines conformance and assessment criteria for compliance with minimum security requirements for authorization of internal system connections as related to overall certification, accreditation, and security assessment requirements. | 1.0 |
| Defines conformance and assessment criteria for compliance with minimum security requirements for authorization of non-escorted maintenance personnel as related to overall maintenance requirements. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization explicitly authorizes access to security functions and security-relevant information. | 1.0 |
| Defines conformance and assessment criteria for compliance with minimum security requirements for an assigned authorizing official as related to overall certification, accreditation, and security assessment requirements. | 1.0 |
| Specifies requirements in accordance with the DHS CISA Secure-by-Design Pledge, published by the U.S. Dept. of Homeland Security (DHS) Cybersecurity and Infrastructure Agency (CISA). Requires an organization to enable automatic installation of software patches by default where appropriate, across all of its product and service offerings. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization employs automated account management mechanisms. | 1.0 |
| Defines conformance and assessment criteria for verifying that an information system automatically audits and sends notifications for actions affecting accounts. | 1.0 |
| Defines conformance and assessment criteria for verifying that an information system automatically disables inactive accounts. | 1.0 |
| Defines conformance and assessment criteria for verifying that an information system automatically removes or disables temporary accounts. | 1.0 |
| Addresses requirements for the automatic collection of audit logs. | 1.0 |