Trustmark Definition Name | Version |
---|---|
Addresses the requirement for computing and communications devices named as PKI certificate subjects to have a human sponsor. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs organization-defined concealment and misdirection techniques for organization-defined information systems at organization-defined time periods to confuse and mislead adversaries. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization changes the location of organization-defined processing and/or storage at an organization-defined time frequency or at random time intervals. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs organization-defined techniques to hide or conceal organization-defined information system components. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs realistic, but misleading information in organization-defined information system components with regard to its security state or posture. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs organization-defined techniques to introduce randomness into organizational operations and assets. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system limits the number of concurrent sessions for its users. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization has documented the parameters of the operational business needs for multiple concurrent active sessions. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization implements approved configuration-controlled changes to the information system. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization audits and reviews activities associated with configuration-controlled changes to the information system. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs automated mechanisms to implement changes to the current information system baseline and deploys the updated baseline across the installed base. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs automated mechanisms to document all changes to the information system. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs automated mechanisms to document proposed changes to the information system. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs automated mechanisms to highlight proposed changes to the information system that have not been approved or disapproved within a defined time period. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs automated mechanisms to prohibit changes to the information system until designated approvals are received. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs automated mechanisms to notify personnel when approved changes to the information system are completed. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs automated mechanisms to notify approval authorities of proposed changes to the information system and request change approval. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system implements organization-defined security responses automatically if baseline configurations are changed in an unauthorized manner. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization coordinates and provides oversight for configuration change control activities. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization documents configuration change decisions associated with the information system. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization determines the types of changes to the information system that are configuration-controlled. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization reviews proposed configuration-controlled changes to the information system and approves or disapproves such changes with explicit consideration for security impact analyses. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization ensures that cryptographic mechanisms used to provide organization-defined security safeguards are under configuration management. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization retains records of configuration-controlled changes to the information system. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization requires an information security representative to be a member of the organization-defined configuration change control element. | 1.0 |