| Trustmark Definition Name | Version |
|---|---|
|
Defines conformance and assessment criteria for verifying that an organization tests, validates, and documents changes to the information system before implementing them on the operational system,.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization develops and documents a configuration management plan for the information system that protects the configuration management plan from unauthorized disclosure and modification.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization develops and documents a configuration management plan for the information system that defines the configuration items for the information system.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization develops and documents a configuration management plan for the information system that establishes a process for identifying configuration items throughout the system development life cycle and for managing the configuration of the configuration items.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization develops and documents a configuration management plan for the information system that addresses roles, responsibilities, and configuration management processes and procedures.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization implements a configuration management plan for the information system that places the configuration items under configuration management.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization implements a configuration management plan for the information system that establishes a process for identifying configuration items throughout the system development life cycle and for managing the configuration of the configuration items.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization implements a configuration management plan for the information system that protects the configuration management plan from unauthorized disclosure and modification.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization implements a configuration management plan for the information system that addresses roles, responsibilities, and configuration management processes and procedures.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization assigns responsibility for developing the configuration management process to organizational personnel that are not directly involved in information system development.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization employs automated mechanisms to centrally manage, apply, and verify configuration settings for information system components.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization employs security safeguards to respond to unauthorized changes to configuration settings.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for consecutive invalid logon attempts as related to overall access control requirements.
|
1.0 |
|
Defines privacy requirements related to the use of sensitive information for purposes other than the purposes of collection.
|
1.0 |
|
Defines privacy requirements related to attributes being displayed to users before transmission.
|
1.0 |
|
Defines privacy requirements related to users being able to see attributes to be transmitted as part of the opt in process.
|
1.0 |
|
Defines privacy requirements related to the ability of individuals to make informed decisions about the collection of their sensitive information.
|
1.0 |
|
Defines privacy requirements related to the ability of individuals to designate someone else to make decisions with respect to their sensitive information.
|
1.0 |
|
Defines privacy requirements related to the ability of individuals to make informed decisions about the disclosure of their sensitive information.
|
1.0 |
|
Defines privacy requirements related to obtaining explicit user confirmation of information transmissions.
|
1.0 |
|
Defines privacy requirements related to providing a fair and unduly burdensome process for individuals to designate someone else to make decisions on their behalf.
|
1.0 |
|
Defines privacy requirements related legal exemptions to providing mechanisms for individuals to delete their sensitive information.
|
1.0 |
|
Defines privacy requirements related legal exemptions to obtaining consent before sharing individuals' sensitive information.
|
1.0 |
|
Defines privacy requirements related legal exemptions to providing mechanisms for individuals to cause the cessation of sharing of their sensitive information.
|
1.0 |
|
Defines privacy requirements related to organizations providing individuals with mechanisms to exercise choice with respect to their sensitive information.
|
1.0 |
