| Trustmark Definition Name | Version |
|---|---|
|
Defines conformance and assessment criteria for compliance with minimum security requirements for systems authorized prior to commencing operations as related to overall certification accreditation and security assessments requirements.
|
1.0 |
|
This Trustmark Definition addresses organizational requirements to provide tamper protection safeguards for information systems.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization implements a tamper protection program for the information system, system component, or information system service.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization inspects organization-defined information systems, system components, or devices at random, at an organization-defined frequency, or upon organization-defined indications of need for inspection to detect tampering.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization employs anti-tamper technologies and techniques during multiple phases in the system development life cycle including design, development, integration, operations, and maintenance.
|
1.0 |
|
This Trustmark Definition addresses organizational requirements to implement a tamper protection program.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization employs a technical surveillance countermeasures survey at organization-defined locations [Selection (one or more): organization-defined frequency; organization-defined events or indicators occur.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization tests alternate telecommunication services organization-defined frequency.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization requires primary and alternate telecommunications service providers to have contingency plans.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization reviews provider contingency plans to ensure that the plans meet organizational contingency requirements.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization obtains evidence of contingency testing/training by providers.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization obtains alternate telecommunications services from providers that are separated from primary service providers to reduce susceptibility to the same threats.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization obtains alternate telecommunications services to reduce the likelihood of sharing a single point of failure with primary telecommunications services.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for temperature and humidity controls as related to overall physical and environmental protection requirements.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization employs automatic temperature and humidity controls in the facility to prevent fluctuations potentially harmful to the information system.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization employs temperature and humidity monitoring that provides an alarm or notification of changes potentially harmful to personnel or equipment.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for temporary passwords permitted as related to overall identification and authentication requirements.
|
1.0 |
|
Defines privacy requirements related to providing notice to users in the event of transfer of their sensitive information.
|
1.0 |
|
Defines privacy requirements related to organizations documenting their commitments with respect to the protection or destruction of users' sensitive information.
|
1.0 |
|
Defines privacy requirements related to the destruction of sensitive information.
|
1.0 |
|
Defines privacy requirements related to the management of inactive accounts.
|
1.0 |
|
Defines privacy requirements for organizations to provide a mechanism for individuals to cause prompt deletion of their sensitive information.
|
1.0 |
|
Defines privacy requirements for organizations to provide a mechanism for individuals to cause prompt cessation of sharing of their sensitive information.
|
1.0 |
|
Defines privacy requirements related to the continued protection of sensitive information when an organization ceases to provide service or a user ceases to use its service.
|
1.0 |
|
Defines privacy requirements related to organizations providing processes for users to expressly indicate that they are ceasing to use the organization's service.
|
1.0 |
