Trustmark Definition Name | Version |
---|---|
Defines conformance and assessment criteria for verifying that an organization minimizes the number of nonsecurity functions included within the isolation boundary containing security functions. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization implements security functions as largely independent modules that maximize internal cohesiveness within modules and minimize coupling between modules. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system notifies organization-defined personnel or roles of failed security verification tests. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system verifies the correct operation of organization-defined security functions upon organization-defined system transitional states. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system verifies the correct operation of organization-defined security functions upon command by user with appropriate privilege. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system verifies the correct operation of organization-defined security functions at an organization-defined frequency. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system performs organization-defined action(s) when anomalies are discovered. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system restarts the information system when anomalies are discovered. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system shuts the information system down when anomalies are discovered. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system verifies the correct operation of organization-defined security functions. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system implements automated mechanisms to support the management of distributed security testing. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization reports the results of security function verification to organization-defined personnel or roles. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for security functional requirements as related to overall system and services acquisition requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for security impact analysis as related to overall configuration management requirements. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization analyzes changes to the information system in a separate test environment before implementation in an operational environment, looking for security impacts due to flaws, weaknesses, incompatibility, or intentional malice. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization, after the information system is changed, checks the security functions to verify that the functions are implemented correctly, operating as intended, and producing the desired outcome with regard to meeting the security requirements for the system. | 1.0 |
Specifies that a health care related organization must have policies to document security incidents and their outcomes. | 1.0 |
Specifies that a health care related organization must implement procedures to document security incidents and their outcomes. | 1.0 |
Specifies that a health care related organization must have policies to identify suspected or known security incidents. | 1.0 |
Specifies that a health care related organization must implement procedures to identify suspected or known security incidents. | 1.0 |
Specifies that a health care related organization must have policies to mitigate, to the extent practicable, harmful effects of known security incidents. | 1.0 |
Specifies that a health care related organization must implement procedures to mitigate, to the extent practicable, harmful effects of known security incidents. | 1.0 |
Specifies that a health care related organization must have policies to respond to suspected or known security incidents. | 1.0 |
Specifies that a health care related organization must implement procedures to respond to suspected or known security incidents. | 1.0 |
Specifies that a health care related organization must implement procedures to regularly review information system activity (i.e., audit logs, access reports, and security incident tracking reports). | 1.0 |