Trustmark Definition Name | Version |
---|---|
Defines conformance and assessment criteria for verifying that an organization employs organization-defined data mining prevention and detection techniques for organization-defined data storage objects to adequately detect and protect against data mining. | 1.0 |
Defines privacy requirements related to ensuring that sensitive information is not destroyed in an unauthorized manner. | 1.0 |
Defines privacy requirements related to the timely notice of changes to sensitive information. | 1.0 |
Defines privacy requirements for organizations to maintain provenance over sensitive information. | 1.0 |
Defines privacy requirements related to organizations NOT processing sensitive information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized. | 1.0 |
Addresses the requirement for an organization to protect all data received from sources used to confirm Subscriber attributes. | 1.0 |
Addresses requirements for recording the date that the identity of a PKI certificate applicant is verified. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization changed the default administrative password on IP phones and VoIP switches. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for defined and documented system development life cycle security roles and responsibilities as related to overall system and services acquisition requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for defined frequency for continuous monitoring as related to overall certification accreditation and security assessments requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for defined frequency for monitoring supporting assessments as related to overall certification accreditation and security assessments requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for defined mechanisms for hardware token-based authentication as related to overall identification and authentication requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for defined minimum changed characters for passwords as related to overall identification and authentication requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for defined minimum password complexity as related to overall identification and authentication requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for defined password lifetime as related to overall identification and authentication requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for defined password reuse limits as related to overall identification and authentication requirements. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization has established minimum PIN lifetime requirements. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization has established minimum PIN history and reuse requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for defined procedures for account management as related to overall access control requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for defined software installation policies as related to overall configuration management requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for defined system maintenance record content as related to overall maintenance requirements. | 1.0 |
Addresses the requirement for the delivery mechanism for public keys and subscriber identity to bind them together. | 1.0 |
Addresses the requirement for correct tokens and activation data to be provided to subscribers when private keys are delivered to them. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs organization-defined monitoring tools to detect indicators of denial of service attacks against the information system. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system manages excess capacity, bandwidth, or other redundancy to limit the effects of information flooding denial of service attacks. | 1.0 |