Trustmark Definition Name | Version |
---|---|
Defines conformance and assessment criteria for verifying that an organization reviews exceptions to the traffic flow policy at an organization-defined frequency and removes exceptions that are no longer supported by an explicit mission/business need. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization establishes a traffic flow policy for each managed interface. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system fails securely in the event of an operational failure of a boundary protection device. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization implements organization-defined host-based boundary protection mechanisms at organization-defined information system components. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs boundary protection mechanisms to separate organization-defined information system components supporting organization-defined missions and/or business functions. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization isolates organization-defined information security tools, mechanisms, and support components from other internal information system components by implementing physically separate subnetworks with managed interfaces to other components of the system. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system prevents discovery of specific system components composing a managed interface. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system, in conjunction with a remote device, prevents the device from simultaneously establishing non-remote connections with the system and communicating via some other connection to resources in external networks. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization prevents the unauthorized exfiltration of information across managed interfaces. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization protects against unauthorized physical connections at organization-defined managed interfaces. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system only allows incoming communications from organization-defined authorized sources to be routed to organization-defined authorized destinations. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system detects and denies outgoing communications traffic posing a threat to external information systems. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system routes all networked, privileged accesses through a dedicated, managed interface for purposes of access control and auditing. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system routes organization-defined internal communications traffic to organization-defined external networks through authenticated proxy servers at managed interfaces. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system implements separate network addresses (i.e., different subnets) to connect to systems in different security domains. | 1.0 |
Specifies that a health care related organization's contract must provide that the business associate will comply with the applicable requirements of this subpart (Section 164.300-399). | 1.0 |
Specifies the requirement that a covered entity's business associate obtain satisfactory assurances, in accordance with Section 164.314(a), that the business associate's subcontractor will appropriately safeguard the information. | 1.0 |
Specifies requirements for contents of the business associate contract between a covered entity and its business associate(s). The business associate must report to the covered entity any unauthorized use or disclosure (breaches) of PHI. | 1.0 |
Specifies requirements for contents of the business associate contract between a covered entity and its business associate(s). A business associate would not be in compliance if aware a subcontractor violated its contract obligations and did not fix them. | 1.0 |
Specifies requirements for contents of the business associate contract between a covered entity and its business associate(s). A covered entity would not be in compliance if aware the business associate violated its contract obligations and did not remedy them. | 1.0 |
Specifies requirements for contents of the business associate contract between a covered entity and its business associate(s). The business associate must provide an accounting of disclosure of PHI as provided by regulations. | 1.0 |
Specifies requirements for contents of the business associate contract between a covered entity and its business associate(s). The business associate must ensure that any subcontractor abide by the same law and contract requirements. | 1.0 |
Specifies requirements for contents of the business associate contract between a covered entity and its business associate(s). The contract cannot allow further use or disclosure by the business associate of information that would violate regulations. | 1.0 |
Specifies requirements for contents of the business associate contract between a covered entity and its business associate(s). The contract must limit use or disclosure as permitted or required by contract or law. | 1.0 |
Specifies requirements for contents of the business associate contract between a covered entity and its business associate(s). The business associate must amend PHI by individuals as provided by regulations. | 1.0 |