Trustmark Definitions (376-400 of 3493)

Trustmark Definition Name Version
Defines conformance and assessment criteria for verifying that an organization reviews exceptions to the traffic flow policy at an organization-defined frequency and removes exceptions that are no longer supported by an explicit mission/business need.
1.0
Defines conformance and assessment criteria for verifying that an organization establishes a traffic flow policy for each managed interface.
1.0
Defines conformance and assessment criteria for verifying that an information system fails securely in the event of an operational failure of a boundary protection device.
1.0
Defines conformance and assessment criteria for verifying that an organization implements organization-defined host-based boundary protection mechanisms at organization-defined information system components.
1.0
Defines conformance and assessment criteria for verifying that an organization employs boundary protection mechanisms to separate organization-defined information system components supporting organization-defined missions and/or business functions.
1.0
Defines conformance and assessment criteria for verifying that an organization isolates organization-defined information security tools, mechanisms, and support components from other internal information system components by implementing physically separate subnetworks with managed interfaces to other components of the system.
1.0
Defines conformance and assessment criteria for verifying that an information system prevents discovery of specific system components composing a managed interface.
1.0
Defines conformance and assessment criteria for verifying that an information system, in conjunction with a remote device, prevents the device from simultaneously establishing non-remote connections with the system and communicating via some other connection to resources in external networks.
1.0
Defines conformance and assessment criteria for verifying that an organization prevents the unauthorized exfiltration of information across managed interfaces.
1.0
Defines conformance and assessment criteria for verifying that an organization protects against unauthorized physical connections at organization-defined managed interfaces.
1.0
Defines conformance and assessment criteria for verifying that an information system only allows incoming communications from organization-defined authorized sources to be routed to organization-defined authorized destinations.
1.0
Defines conformance and assessment criteria for verifying that an information system detects and denies outgoing communications traffic posing a threat to external information systems.
1.0
Defines conformance and assessment criteria for verifying that an information system routes all networked, privileged accesses through a dedicated, managed interface for purposes of access control and auditing.
1.0
Defines conformance and assessment criteria for verifying that an information system routes organization-defined internal communications traffic to organization-defined external networks through authenticated proxy servers at managed interfaces.
1.0
Defines conformance and assessment criteria for verifying that an information system implements separate network addresses (i.e., different subnets) to connect to systems in different security domains.
1.0
Specifies that a health care related organization's contract must provide that the business associate will comply with the applicable requirements of this subpart (Section 164.300-399).
1.0
Specifies the requirement that a covered entity's business associate obtain satisfactory assurances, in accordance with Section 164.314(a), that the business associate's subcontractor will appropriately safeguard the information.
1.0
Specifies requirements for contents of the business associate contract between a covered entity and its business associate(s). The business associate must report to the covered entity any unauthorized use or disclosure (breaches) of PHI.
1.0
Specifies requirements for contents of the business associate contract between a covered entity and its business associate(s). A business associate would not be in compliance if aware a subcontractor violated its contract obligations and did not fix them.
1.0
Specifies requirements for contents of the business associate contract between a covered entity and its business associate(s). A covered entity would not be in compliance if aware the business associate violated its contract obligations and did not remedy them.
1.0
Specifies requirements for contents of the business associate contract between a covered entity and its business associate(s). The business associate must provide an accounting of disclosure of PHI as provided by regulations.
1.0
Specifies requirements for contents of the business associate contract between a covered entity and its business associate(s). The business associate must ensure that any subcontractor abide by the same law and contract requirements.
1.0
Specifies requirements for contents of the business associate contract between a covered entity and its business associate(s). The contract cannot allow further use or disclosure by the business associate of information that would violate regulations.
1.0
Specifies requirements for contents of the business associate contract between a covered entity and its business associate(s). The contract must limit use or disclosure as permitted or required by contract or law.
1.0
Specifies requirements for contents of the business associate contract between a covered entity and its business associate(s). The business associate must amend PHI by individuals as provided by regulations.
1.0