Trustmark Definitions (3426-3450 of 3493)

Trustmark Definition Name Version
Defines conformance and assessment criteria for verifying that an organization isolates host systems from virtual machines.
1.0
Defines conformance and assessment criteria for verifying that an organization employs automated mechanisms to facilitate the maintenance and review of visitor access records.
1.0
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 6(1)(d).
1.0
Defines conformance and assessment criteria for verifying that an organization establishes implementation guidance for Voice over Internet Protocol (VoIP) technologies based on the potential to cause damage to the information system if used maliciously.
1.0
Defines conformance and assessment criteria for verifying that an organization establishes usage restrictions for Voice over Internet Protocol (VoIP) technologies based on the potential to cause damage to the information system if used maliciously.
1.0
Defines conformance and assessment criteria for verifying that an organization authorizes the use of VoIP within the information system.
1.0
Defines conformance and assessment criteria for verifying that an organization controls the use of VoIP within the information system.
1.0
Defines conformance and assessment criteria for verifying that an organization monitors the use of VoIP within the information system.
1.0
Defines conformance and assessment criteria for verifying that an organization has deployed Voice Over IP (VoIP) on a network that contains unencrypted sensitive information.
1.0
Defines conformance and assessment criteria for verifying that an organization has established usage restrictions and implementation guidance for VoIP technologies.
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for vulnerability remediation as related to overall risk assessment requirements.
1.0
Specifies requirements in accordance with the DHS CISA Secure-by-Design Pledge, published by the U.S. Dept of Homeland Security (DHS) Cybersecurity and Infrastructure Agency (CISA). Requires an organization to provide a clear vulnerability reporting channel for its products and services, and to allow public disclosure of discovered vulnerabilities in accordance with coordinated disclosure standards.
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for vulnerability scanning of information systems as related to overall risk assessment requirements.
1.0
Defines conformance and assessment criteria for verifying that an organization employs automated mechanisms to compare the results of vulnerability scans over time to determine trends in information system vulnerabilities.
1.0
Defines conformance and assessment criteria for verifying that an organization employs vulnerability scanning procedures that can identify the breadth and depth of coverage (i.e., information system components scanned and vulnerabilities checked).
1.0
Defines conformance and assessment criteria for verifying that an organization correlates the output from vulnerability scanning tools to determine the presence of multi-vulnerability/multi-hop attack vectors.
1.0
Defines conformance and assessment criteria for verifying that an organization determines what information about the information system is discoverable by adversaries and subsequently takes corrective actions.
1.0
Defines conformance and assessment criteria for verifying that an information system implements privileged access authorization to organization-identified information system components for selected organization-defined vulnerability scanning activities.
1.0
Defines conformance and assessment criteria for verifying that an organization reviews historic audit logs to determine if a vulnerability identified in the information system has been previously exploited.
1.0
Defines conformance and assessment criteria for verifying that an organization updates the information system vulnerabilities scanned at an organization-defined frequency, prior to a new scan, or when new vulnerabilities are identified and reported.
1.0
Defines conformance and assessment criteria for verifying that an organization employs vulnerability scanning tools that include the capability to readily update the information system vulnerabilities to be scanned.
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for water damage protection as related to overall physical and environmental protection requirements.
1.0
Defines conformance and assessment criteria for verifying that an organization employs automated mechanisms to detect the presence of water in the vicinity of the information system and alert defined personnel or roles.
1.0
Specifies requirements in accordance with the DHS CISA Secure-by-Design Pledge, published by the U.S. Dept of Homeland Security (DHS) Cybersecurity and Infrastructure Agency (CISA). Requires an organization to adopt web template frameworks with built-in cross-site scripting (XSS) protections across all of its product and service offerings.
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for wireless access authorization as related to overall access control requirements.
1.0