Trustmark Definition Name | Version |
---|---|
Defines conformance and assessment criteria for verifying that an organization's baseline security awareness training for authorized personnel with access to sensitive information addresses protection from viruses, worms, Trojan horses, and other malicious code. | 1.0 |
Defines conformance and assessment criteria for verifying that security awareness training for all information technology personnel (system administrators, security administrators, network administrators, etc.) includes scanning for malicious code and updating definitions. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's baseline security awareness training for authorized personnel with access to sensitive information addresses the proper handling and marking of sensitive information. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's baseline security awareness training for all information technology personnel (system administrators, security administrators, network administrators, etc.) addresses network infrastructure protection measures. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's baseline security awareness training for authorized personnel with access to sensitive information addresses password usage and management--including creation, frequency of changes, and protection. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's baseline security awareness training for authorized personnel with access to sensitive information addresses personally owned equipment. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's baseline security awareness training for authorized personnel with access to sensitive information addresses personally owned software. | 1.0 |
Defines conformance and assessment criteria for the training provided to Local Agency Security Officers as to policy changes. | 1.0 |
Defines conformance and assessment criteria for the training provided to Local Agency Security Officers as to roles and responsibilities. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's baseline security awareness training for authorized personnel with access to sensitive information addresses its dissemination and destruction. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's baseline security awareness training for authorized personnel with access to sensitive information addresses the protection of information through hardcopy destruction. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's baseline security awareness training for authorized personnel with access to sensitive information addresses social engineering. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's baseline security awareness training for authorized personnel with access to sensitive information addresses handling Spam. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's baseline security awareness training for all information technology personnel (system administrators, security administrators, network administrators, etc.) addresses timely application of system patches. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's baseline security awareness training for authorized personnel with access to sensitive information addresses rules that describe responsibilities and expected behavior with regard to information system usage. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's baseline security awareness training for authorized personnel with access to sensitive information addresses threats, vulnerabilities, and risks associated with accessing systems and services processing sensitive information. | 1.0 |
Defines conformance and assessment criteria for verifying that baseline security awareness training for authorized personnel with access to sensitive information addresses usage and handling of that information. | 1.0 |
Specifies that a covered entity must have policies and procedures to train all members of its workforce on the policies and procedures with respect to protected health information required by the Privacy Rule. | 1.0 |
Addresses requirements for the transfer of PKI records archive data to new media. | 1.0 |
Specifies requirements in accordance with the DHS CISA Secure-by-Design Pledge, published by the U.S. Dept of Homeland Security (DHS) Cybersecurity and Infrastructure Agency (CISA). Requires an organization to take steps to transition all of its existing product and service deployments away from default passwords through outreach campaigns or software updates. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system protects the confidentiality of transmitted information. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system implements cryptographic mechanisms to conceal or randomize communication patterns unless otherwise protected by organization-defined alternative physical safeguards. | 1.0 |
This Trustmark Definition addresses the requirement for a system to employ encryption for transmitted information. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system implements cryptographic mechanisms to protect message externals unless otherwise protected by organization-defined alternative physical safeguards. | 1.0 |
This Trustmark Definition addresses the requirement for a system to employ physical protection for transmitted information. | 1.0 |