Trustmark Definition Name | Version |
---|---|
Defines conformance and assessment criteria for compliance with minimum security requirements for coordination of the security audit function as related to overall audit and accountability requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for coordination with incident response as related to overall physical and environmental protection requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for corrective actions based on system contingency plan test results as related to overall contingency planning requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for correlation and analysis of monitoring and assessment information as related to overall certification, accreditation, and security assessments requirements. | 1.0 |
Specifies the requirement that a covered entity obtain satisfactory assurances, in accordance with Section 164.314(a), that the business associate will appropriately safeguard the information. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization performs a covert channel analysis to identify those aspects of communications within the information system that are potential avenues for covert storage or timing channels. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization estimates the maximum bandwidth of potential covert channels. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization reduces the maximum bandwidth for identified covert [Selection (one or more); storage; timing] channels to organization-defined values. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization measures the bandwidth of an organization-defined subset of identified covert channels in the operational environment of the information system. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization tests a subset of the identified covert channels to determine which channels are exploitable. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for credentials issued for facility access as related to overall physical and environmental protection requirements. | 1.0 |
Addresses requirements for identity credentials presented for identity proofing to be unexpired. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization ensures that device drivers that serve critical functions are stored within the specific virtual machines they service. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization addresses information security issues in the development of a critical infrastructure and key resources protection plan. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization addresses information security issues in the documentation of a critical infrastructure and key resources protection plan. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization addresses information security issues in the updating of a critical infrastructure and key resources protection plan. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization identifies critical information system components and functions by performing a criticality analysis for organization-defined information systems, information system components, or information system services at organization-defined decision points in the system development life cycle. | 1.0 |
Addresses the requirement for an organization to issue a certificate revocation list (CRL) within an organization-defined time when a PKI certificate authority (CA) certificate is revoked. | 1.0 |
Addresses the requirement for an organization to issue a certificate revocation list (CRL) within an organization-defined time when a subscriber certificate is revoked due to compromise or suspected compromise of a private key. | 1.0 |
Addresses the requirement for organizations cross-certified with the FBPKI to document how they choose to back up their archive records. | 1.0 |
Addresses requirements for organizations ensuring interoperability with the FBCA repository. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs organization-defined methods for coordinating organization-defined audit information among external organizations when audit information is transmitted across organizational boundaries. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization requires that the identity of individuals be preserved in cross-organizational audit trails. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization provides cross-organizational audit information to organization-defined organizations based on cross-organizational sharing agreements. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization produces, controls, and distributes asymmetric cryptographic keys using NSA-approved key management technology and processes, approved PKI Class 3 certificates or prepositioned keying material, approved PKI Class 3 or Class 4 certificates and hardware security tokens, or another method that protects the user's private key. | 1.0 |