Trustmark Definition | Version |
---|---|
Addresses the requirement for two or more persons to be needed for CA signing key activation. | 1.0 |
Addresses the requirement for two-person physical access control for CA equipment. | 1.0 |
Addresses the requirement for two-person physical access control for cryptographic modules. | 1.0 |
This Trustmark Definition defines conformance and assessment criteria for compliance with minimum security requirements for control of physical ingress and egress as related to overall physical and environmental protection requirements. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system purges/wipes information from organization-defined mobile devices based on organization-defined purging/wiping requirements/techniques after an organization-defined number of consecutive, unsuccessful device logon attempts. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization provides justification and documents approval for the continued use of unsupported system components required to satisfy mission/business needs. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization replaces information system components when support for the components is no longer available from the developer, vendor, or manufacturer. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization provides [Selection (one or more): in-house support; organization-defined support from external providers] for unsupported information system components. | 1.0 |
Addresses the requirement for an organization to not include any unverified information in PKI certificates at other than the rudimentary assurance level. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for updates to contingency planning training as related to overall contingency planning requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for updates to incident response training as related to overall incident response requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for updates to the plan of action and milestones as related to overall certification, accreditation, and security assessment requirements. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization authorizes, monitors, and controls the use of organization-defined information system components within the information system for which usage restrictions have been established. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization establishes usage restrictions and implementation guidance for organization-defined information system components based on the potential to cause damage to the information system if used maliciously. | 1.0 |
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 47(1). | 1.0 |
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 49(1). | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for use of external information systems (access from external systems) as related to overall access control requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for use of external information systems (external storage, processing, and transmission of information) as related to overall access control requirements. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization only permits external access when the external systems have met defined security controls. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization requires approved agreements for use of external information systems. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization prohibits the use of organization-defined network-accessible storage devices in external information systems. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization restricts or prohibits the use of non-organizationally owned information systems, system components, or devices to process, store, or transmit organizational information. | 1.0 |
Addresses requirements for exclusive use of new PKI Certificate Authority private signing keys. | 1.0 |
Addresses requirements for the use of old PKI Certificate Authority private signing keys. | 1.0 |
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 28(2). | 1.0 |