| Trustmark Definition Name | Version |
|---|---|
|
Defines conformance and assessment criteria for verifying that an organization maintains availability of information in the event of the loss of cryptographic keys by users.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization produces, controls, and distributes symmetric cryptographic keys using NIST FIPS-compliant, NSA-approved key management, or other technology and processes.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for cryptographic key management as related to overall system and communications protection requirements.
|
1.0 |
|
This Trustmark Definition defines conformance and assessment criteria for compliance with security requirements for the memorization of cryptographic module activation data.
|
1.0 |
|
This Trustmark Definition defines conformance and assessment criteria for compliance with security requirements for the recording of cryptographic module activation data.
|
1.0 |
|
This Trustmark Definition defines conformance and assessment criteria for compliance with security requirements for securing cryptographic module activation data.
|
1.0 |
|
This Trustmark Definition defines conformance and assessment criteria for storing cryptographic module activation data separate from associated cryptographic modules.
|
1.0 |
|
This Trustmark Definition defines conformance and assessment criteria for storing cryptographic module activation data separate from removable hardware associated with remote workstations used to administer the CA.
|
1.0 |
|
This Trustmark Definition defines conformance and assessment criteria for compliance with requirements for securing cryptographic module activation data.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for cryptographic module authentication as related to overall identification and authentication requirements.
|
1.0 |
|
Addresses the requirement to deactivate PKI cryptographic modules after use.
|
1.0 |
|
Addresses the requirement for Cryptographic modules to be validated to the FIPS 140 level.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for cryptographic protection of stored passwords as related to overall identification and authentication requirements.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for cryptographic protection of transmitted passwords as related to overall identification and authentication requirements.
|
1.0 |
|
Addresses the requirement forcryptography used to achieve bind subscriber identities to public keys to be at least as strong as the CA keys used to sign certificates.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that each CSA head or SIB Chief executed a signed written user agreement with the FBI CJIS Division stating their willingness to demonstrate conformity with the CJIS Security Policy before accessing and participating in CJIS records information programs.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that the signed user agreement between the organization and the FBI CJIS Division include the standards and sanctions governing utilization of CJIS systems.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that the CSA ISO document and provide assistance for implementing the security-related controls for the Interface Agency and its users.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that the CSA ISO documents technical compliance with the CJIS Security Policy.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that the CSA ISO serves as the security point of contact (POC) to the FBI CJIS Division ISO.
|
1.0 |
|
Credential Service Providers (CSPs) must comply with records retention policies as appropriate for the organization, including adhering to applicable laws, regulations, and policies. CSPs must also inform their subscribers of their records retention policy.
|
1.0 |
|
Addresses the requirement for CSSes to sign responses using the same hash algorithm used by the CA to sign CRLs.
|
1.0 |
|
Addresses the requirement for CSSes to sign responses using the same signature algorithm used by the CA to sign CRLs.
|
1.0 |
|
Addresses the requirement for CSSes to sign responses using the same key size used by the CA to sign CRLs.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization re-implements or custom develops organization-defined critical information system components.
|
1.0 |
