Trustmark Definition Name | Version |
---|---|
Defines privacy requirements related to providing notice to users in the event of transfer of their sensitive information. | 1.0 |
Defines privacy requirements related to organizations documenting their commitments with respect to the protection or destruction of users' sensitive information. | 1.0 |
Defines privacy requirements related to the destruction of sensitive information. | 1.0 |
Defines privacy requirements related to the management of inactive accounts. | 1.0 |
Defines privacy requirements for organizations to provide a mechanism for individuals to cause prompt deletion of their sensitive information. | 1.0 |
Defines privacy requirements for organizations to provide a mechanism for individuals to cause prompt cessation of sharing of their sensitive information. | 1.0 |
Defines privacy requirements related to the continued protection of sensitive information when an organization ceases to provide service or a user ceases to use its service. | 1.0 |
Defines privacy requirements related to organizations providing processes for users to expressly indicate that they are ceasing to use the organization's service. | 1.0 |
Defines privacy requirements related to the documentation of sensitive information handling in the event of the organization's bankruptcy, sale, or discontinuation of services. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization has documented the specific terms and conditions for personally owned information systems to access, process, store or transmit sensitive information. | 1.0 |
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice PW.8: Testing of Executable Code to Identify Vulnerabilities and Verify Compliance with Security Requirements. Requires an organization to help identify vulnerabilities so that they can be corrected before the software is released in order to prevent exploitation. Using automated methods lowers the effort and resources needed to detect vulnerabilities and improves traceability and repeatability. Executable code includes binaries, directly executed bytecode and source code, and any other form of code that an organization deems executable. | 1.1 |
Defines conformance and assessment criteria for compliance with minimum security requirements for testing of flaw remediation updates as related to overall system and information integrity requirements. | 1.0 |
Defines conformance and assessment criteria for verifying that an. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization reviews security monitoring plans for consistency with the organizational risk management strategy and organization-wide priorities for risk response actions. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization reviews security monitoring plans for consistency with organization-wide priorities for risk response actions. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization reviews security testing plans for consistency with organization-wide priorities for risk response actions. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization reviews security testing plans for consistency with the organizational risk management strategy. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization reviews security training plans for consistency with organization-wide priorities for risk response actions. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization reviews security training plans for consistency with the organizational risk management strategy. | 1.0 |
Addresses the requirement for an organization's CPS to describe procedures to ensure that certificate accountability is maintained for device PKI certificates. | 1.0 |
This Trustmark Definition defines conformance and assessment criteria for a Registration Authority (RA) to reduce the risk of equipment tampering. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs organization-defined information system components with minimal functionality and information storage. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for third-party providers - compliance monitoring as related to overall personnel security requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for third-party providers - compliance with personnel security requirements as related to overall personnel security requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for third-party providers - notification of terminations and transfers as related to overall personnel security requirements. | 1.0 |