Trustmark Definition Name | Version |
---|---|
Defines conformance and assessment criteria for compliance with minimum security requirements for supervision of maintenance personnel as related to overall maintenance requirements. | 1.0 |
This Trustmark Definition addresses organizational requirements to protect against supply chain threats for information systems. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs organization-defined tailored acquisition strategies, contract tools, and procurement methods for the purchase of the information system, system component, or information system service from suppliers. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization conducts an assessment of the information system, system component, or information system service prior to selection, acceptance, or update. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs organization-defined security safeguards to ensure an adequate supply of organization-defined critical information system components. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization establishes and retains unique identification of organization-defined supply chain elements, processes, and actors for the information system, system component, or information system service. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization establishes inter-organizational agreements and procedures with entities involved in the supply chain for the information system, system component, or information system service. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs organization-defined security safeguards to limit harm from potential adversaries identifying and targeting the organizational supply chain. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs organization-defined Operations Security (OPSEC) safeguards in accordance with classification guides to protect supply chain-related information for the information system, system component, or information system service. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs organizational analysis, independent third-party analysis, organizational penetration testing, and/or independent third-party penetration testing of organization-defined supply chain elements, processes, and actors associated with the information system, system component, or information system service. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization establishes a process to address weaknesses or deficiencies in supply chain elements identified during independent or organizational assessments of such elements. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization conducts a supplier review prior to entering into a contractual agreement to acquire the information system, system component, or information system service. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization uses all-source intelligence analysis of suppliers and potential suppliers of the information system, system component, or information system service. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs organization-defined security safeguards to validate that the information system or system component received is genuine and has not been altered. | 1.0 |
Specifies requirements in accordance with the DHS CISA Secure-by-Design Pledge, published by the U.S. Dept of Homeland Security (DHS) Cybersecurity and Infrastructure Agency (CISA). Requires an organization to support single sign-on (SSO) configurations that are standards-based (e.g., using SAML or OpenID Connect) and that enable multi-factor authentication (MFA) through customers' identity providers, across all of its product and service offerings. | 1.0 |
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 38(2). | 1.0 |
Defines conformance and assessment criteria for verifying that an. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for system authorizations periodically updated as related to overall certification accreditation and security assessments requirements. | 1.0 |
Addresses the requirement for adjustments to a system's clock to be audited. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for system configured for essential capabilities as related to overall configuration management requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for system contingency plan - communication of changes as related to overall contingency planning requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for system contingency plan distribution as related to overall contingency planning requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for system contingency plan essential items as related to overall contingency planning requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for system contingency plan full restoration as related to overall contingency planning requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for system contingency plan maintenance of essential missions and functions as related to overall contingency planning requirements. | 1.0 |