| Trustmark Definition Name | Version |
|---|---|
| Addresses the requirement that backups be stored at a site with procedural controls commensurate with those of the operational system. | 1.0 |
| Defines conformance and assessment criteria for compliance with minimum security requirements for baseline configuration as related to overall configuration management requirements. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization employs automated mechanisms to maintain an up-to-date, complete, accurate, and readily available baseline configuration of the information system. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization issues information systems, system components, or devices with organization-defined configurations to individuals traveling to locations that the organization deems to be of significant risk. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization applies security safeguards to information systems, system components, or devices issued to individuals when they return from locations that the organization deems to be of significant risk. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization maintains a baseline configuration for information system development and test environments that is managed separately from the operational baseline configuration. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization retains [Assignment: organization-defined previous versions of baseline configurations of the information system] to support rollback. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization reviews and updates the baseline configuration of the information system. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization reviews and updates the baseline configuration of the information system as an integral part of information system component installations and upgrades. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization reviews and updates the baseline configuration of the information system when required due to organization-defined circumstances. | 1.0 |
| Specifies requirements in accordance with the DHS CISA Secure-by-Design Pledge, published by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Requires an organization to provide baseline logging for configuration changes, identity, network, and data access events across all of its product and service offerings. | 1.0 |
| Addresses the requirement for bi-annual PKI compliance audits. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization's security policy addresses the use of Bluetooth and its associated devices. | 1.0 |
| Used to demonstrate that an agency or organization is NOT part of the United States federal government, and therefore is not subject to certain rules and regulations that pertain to U.S. federal agencies. | 1.0 |
| Defines the requirement for verifying that an organization is a health care provider under HIPAA law by verifying the National Provider Identifier requirement. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization limits the number of external network connections to the information system. | 1.0 |
| Defines conformance and assessment criteria for verifying that an information system audits the identity of internal users associated with denied communications. | 1.0 |
| Defines conformance and assessment criteria for verifying that an information system enforces adherence to protocol formats. | 1.0 |
| Defines conformance and assessment criteria for verifying that an information system blocks both inbound and outbound communications traffic between organization-defined communication clients that are independently configured by end users and external service providers. | 1.0 |
| Defines conformance and assessment criteria for verifying that an information system denies network communications traffic by default at managed interfaces and allows network communications traffic by exception (i.e., deny all, permit by exception). | 1.0 |
| Defines conformance and assessment criteria for verifying that an information system disables feedback to senders on protocol format validation failure. | 1.0 |
| Defines conformance and assessment criteria for verifying that an information system provides the capability to dynamically isolate/segregate organization-defined information system components from other components of the system. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization documents each exception to the traffic flow policy with a supporting mission/business need and the duration of that need. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization implements a managed interface for each external telecommunication service. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization protects the confidentiality and integrity of the information being transmitted across each interface. | 1.0 |