Trustmark Definition Name | Version |
---|---|
Defines conformance and assessment criteria for verifying that an organization produces up-to-date, accurate, and complete records of all repair actions requested, scheduled, in process, and completed. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system does not release information outside of the established system boundary unless organization-defined security safeguards are used to validate the appropriateness of the information designated for release. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system does not release information outside of the established system boundary unless the receiving organization-defined information system or system component provides organization-defined security safeguards. | 1.0 |
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 42(3). | 1.0 |
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 31. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for coordination of contingency planning activities as related to overall contingency planning requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for coordination of the security audit function as related to overall audit and accountability requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for coordination with incident response as related to overall physical and environmental protection requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for corrective actions based on system contingency plan test results as related to overall contingency planning requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for correlation and analysis of monitoring and assessment information as related to overall certification, accreditation, and security assessment requirements. | 1.0 |
Specifies the requirement that a covered entity obtain satisfactory assurances, in accordance with Section 164.314(a), that the business associate will appropriately safeguard the information. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization performs a covert channel analysis to identify those aspects of communications within the information system that are potential avenues for covert storage or timing channels. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization estimates the maximum bandwidth of potential covert channels. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization reduces the maximum bandwidth for identified covert [Selection (one or more): storage; timing] channels to organization-defined values. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization measures the bandwidth of an organization-defined subset of identified covert channels in the operational environment of the information system. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization tests a subset of the identified covert channels to determine which channels are exploitable. | 1.0 |
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice PW.5: Create Source Code by Adhering to Secure Coding Practices. Requires an organization to decrease the number of security vulnerabilities in the software, and to reduce costs, by minimizing vulnerabilities introduced during source code creation that meet or exceed organization-defined vulnerability severity criteria. | 1.1 |
Defines conformance and assessment criteria for compliance with minimum security requirements for credentials issued for facility access as related to overall physical and environmental protection requirements. | 1.0 |
Addresses the requirement for identity credentials presented for identity proofing to be unexpired. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization ensures that device drivers that serve critical functions are stored within the specific virtual machines they service. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization addresses information security issues in the development of a critical infrastructure and key resources protection plan. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization addresses information security issues in the documentation of a critical infrastructure and key resources protection plan. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization addresses information security issues in the updating of a critical infrastructure and key resources protection plan. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization identifies critical information system components and functions by performing a criticality analysis for organization-defined information systems, information system components, or information system services at organization-defined decision points in the system development life cycle. | 1.0 |
Addresses the requirement for an organization to issue a certificate revocation list (CRL) within an organization-defined time when a PKI certificate authority (CA) certificate is revoked. | 1.0 |
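The covert channel rows above (estimating maximum bandwidth, measuring the bandwidth of a subset of identified channels in the operational environment, and testing which channels are exploitable) describe an assessment technique without showing it. The following is an added worked example, not part of the trustmark registry or any trustmark definition: it takes a constructed timing-channel trace (a sender encodes one bit per gap between two observable events, short gap for 0, long gap for 1), decodes it the way an observer would, measures the symbol error rate, and converts raw symbol rate and error rate into a Shannon capacity bound that can be compared against an organization-defined limit. The bits, gap lengths, jitter values, decode threshold and the 10 bits/s limit are all assumptions made up for the example.

```python
import math
from typing import Dict, List

# Constructed sample trace (not a real measurement). A sender leaks one bit per
# gap between consecutive observable events: SHORT_GAP means 0, LONG_GAP means 1.
# The observer sees only event timestamps, which carry scheduling jitter.
SENT_BITS: List[int] = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0]
SHORT_GAP = 0.010  # seconds, assumed
LONG_GAP = 0.030   # seconds, assumed
# Assumed per-symbol jitter; index 5 (a 0 bit) gets +15 ms, enough to be
# mis-decoded as a 1 and so give the channel a non-zero error rate.
JITTER: List[float] = [0.001, -0.002, 0.002, 0.000, 0.001, 0.015, -0.001, 0.002,
                       0.000, -0.003, 0.001, 0.002, -0.002, 0.001, 0.000, 0.003]
THRESHOLD = 0.020        # decode gap > THRESHOLD as 1, assumed midpoint
ORG_DEFINED_LIMIT_BPS = 10.0  # assumed organization-defined maximum bandwidth


def build_timestamps(bits: List[int], jitter: List[float]) -> List[float]:
    """Turn the sent bits into the event timestamps an observer would record."""
    assert len(bits) == len(jitter)
    timestamps = [0.0]
    for bit, j in zip(bits, jitter):
        gap = (LONG_GAP if bit else SHORT_GAP) + j
        timestamps.append(timestamps[-1] + gap)
    return timestamps


def decode_bits(timestamps: List[float], threshold: float) -> List[int]:
    """Observer-side decode: one bit per inter-event gap, thresholded."""
    return [1 if (t1 - t0) > threshold else 0
            for t0, t1 in zip(timestamps, timestamps[1:])]


def binary_entropy(p: float) -> float:
    """H(p) in bits; 0 at p == 0 and p == 1."""
    if p <= 0.0 or p >= 1.0:
        return 0.0
    return -p * math.log2(p) - (1.0 - p) * math.log2(1.0 - p)


def capacity_bits_per_second(symbol_rate: float, error_rate: float) -> float:
    """Binary symmetric channel capacity: symbols/s * (1 - H(p))."""
    return symbol_rate * (1.0 - binary_entropy(error_rate))


def measure_channel(sent: List[int], timestamps: List[float],
                    threshold: float) -> Dict[str, float]:
    """Measure raw symbol rate, error rate and capacity bound for one trace."""
    decoded = decode_bits(timestamps, threshold)
    errors = sum(1 for a, b in zip(sent, decoded) if a != b)
    duration = timestamps[-1] - timestamps[0]
    symbol_rate = len(sent) / duration
    error_rate = errors / len(sent)
    return {
        "symbols": len(sent),
        "errors": errors,
        "error_rate": error_rate,
        "raw_rate_bps": symbol_rate,  # symbols/s, i.e. bandwidth if p were 0
        "capacity_bps": capacity_bits_per_second(symbol_rate, error_rate),
    }


def exceeds_limit(capacity_bps: float, limit_bps: float) -> bool:
    """True when the measured channel must be reduced to the defined value."""
    return capacity_bps > limit_bps


if __name__ == "__main__":
    result = measure_channel(SENT_BITS, build_timestamps(SENT_BITS, JITTER), THRESHOLD)
    for key, value in result.items():
        print(f"{key:>13}: {value:.4f}" if isinstance(value, float) else f"{key:>13}: {value}")
    print("exceeds organization-defined limit:",
          exceeds_limit(result["capacity_bps"], ORG_DEFINED_LIMIT_BPS))
```

The capacity figure is an upper bound for this symbol rate and error rate, which is what an assessor wants when judging whether a channel's maximum bandwidth has been reduced to the organization-defined value; an exploitability test would additionally try to send a known payload through the channel end to end, which this example only approximates with the decode comparison.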