Trustmark Definition Name | Version |
---|---|
Defines conformance and assessment criteria for verifying that an organization prohibits the use of devices possessing organization-defined environmental sensing capabilities in organization-defined facilities, areas, or systems. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization ensures that the information system is configured so that data or information collected by the organization-defined sensors is only reported to authorized individuals or roles. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization separates duties of individuals. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization has documented its separation of duties. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization identifies and authenticates organization-defined information system services using organization-defined security safeguards. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization ensures that service providers receive, validate, and transmit identification and authentication information. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization ensures that identification and authentication decisions are transmitted between organization-defined services consistent with organizational policies. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system provides the capability for authorized users to select a user session to capture/record or view/hear. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system provides the capability for authorized users to capture/record and log content related to a user session. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system provides the capability for authorized users to remotely view/hear all content related to an established user session in real time. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system initiates session audits at system start-up. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system protects the authenticity of communications sessions. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system only allows the use of organization-defined certificate authorities for verification of the establishment of protected sessions. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system invalidates session identifiers upon user logout or other session termination. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system generates a unique session identifier for each session with organization-defined randomness requirements and recognizes only session identifiers that are system-generated. | 1.0 |
Addresses the requirement for an organization to document its practices with respect to PKI session key encapsulation. | 1.0 |
Addresses the requirement for an organization to identify its support or lack of support for PKI session key encapsulation. | 1.0 |
Addresses the requirement that organization PKI certificate authorities (CAs) that support session key recovery shall identify the document describing the practices in the applicable CP. | 1.0 |
Addresses the requirement for an organization to identify its support or lack of support for PKI session key recovery. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system initiates a session lock at user request or after a defined period of inactivity. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system retains session locks until the user reestablishes access. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system conceals previously visible information during a session lock. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system automatically terminates a user session when defined conditions occur. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system terminates shared/group account credentials when members leave the group. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for sharing of information system vulnerability scan results as related to overall risk assessment requirements. | 1.0 |