Trustmark Definition Name | Version |
---|---|
Defines conformance and assessment criteria for verifying that an organization's CSO approves access to FBI CJIS systems. | 1.0 |
This Trustmark Definition ensures that the organization's CSO ensures state/federal agency compliance with policies approved by the APB and adopted by the FBI. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's CSO has set standards for the selection, supervision, and separation of personnel who have access to CJI. | 1.0 |
Defines conformance and assessment criteria for verifying that Terminal Agency Coordinators have been designated for those with devices accessing CJIS systems. | 1.0 |
Defines conformance and assessment criteria for verifying that Terminal Agency Coordinators have been designated for those with devices accessing CJIS systems. | 1.1 |
Defines conformance and assessment criteria for verifying that Local Agency Security Officers receive enhanced security training. | 1.0 |
Defines conformance and assessment criteria for verifying that Local Agency Security Officers have been designated for those with access to CJI. | 1.0 |
Defines conformance and assessment criteria for verifying that organizations' policies state that the CSO is responsible for managing the security of CJIS systems within their state and/or agency. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's CSO has set, maintained, and enforced appropriate policies. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's CSO supports/performs additional duties as outlined in their organization's user agreements with the FBI CJIS Division. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's network topological drawing includes the organization's name and the date it was created or updated. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's network topological drawing documents all communications paths, circuits, and other components. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's network topological drawing includes the logical location of all components. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization maintains a current topological drawing depicting the interconnectivity of its network to criminal justice information, systems and services. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's network topological drawing includes "For Official Use Only" (FOUO) markings. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization ensures that the ORI for each transaction can be traced, via audit trail, to the specific agency which is requesting the transaction. | 1.0 |
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 7(2). | 1.0 |
Specifies requirements in accordance with the DHS CISA Secure-by-Design Pledge, published by the U.S. Dept of Homeland Security (DHS) Cybersecurity and Infrastructure Agency (CISA). Requires an organization to clearly communicate end-of-life (EOL) timelines and offer transition support or guidance for unsupported products, across all of its product and service offerings. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization prohibits cloud providers from mining its data. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization verifies that any cloud provider it uses to store CJI stores that data exclusively within APB member jurisdictions. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization disables or removes collaborative computing devices from organization-defined information systems or information system components in organization-defined secure work areas. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system provides an explicit indication of current participants in organization-defined online meetings and teleconferences. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system provides physical disconnect of collaborative computing devices in a manner that supports ease of use. | 1.0 |
Addresses the requirement for formal development of off-the-shelf software. | 1.0 |
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 17(2). | 1.0 |