Trustmark Definition | Version |
---|---|
Defines conformance and assessment criteria for verifying that an organization has established minimum PIN history and reuse requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for defined procedures for account management as related to overall access control requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for defined software installation policies as related to overall configuration management requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for defined system maintenance record content as related to overall maintenance requirements. | 1.0 |
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 39(1). | 1.0 |
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice PO.4: Definition and Use of Criteria for SDLC Software Security Checks. Requires an organization to help ensure that the software resulting from the SDLC meets the organization's expectations by defining and using criteria for checking the software's security during development. | 1.1 |
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice PO.1: Definition of Security Requirements for Software Development. Requires an organization to ensure that security requirements for software development are known at all times so that they can be taken into account throughout the SDLC, and so that duplication of effort is minimized because the requirements information is collected once and shared. This includes requirements from internal sources (e.g., the organization's policies, business objectives, and risk management strategy) and external sources (e.g., applicable laws and regulations). | 1.1 |
Addresses the requirement that the delivery mechanism for public keys and subscriber identity bind the two together. | 1.0 |
Addresses the requirement that the correct tokens and activation data be provided to subscribers when private keys are delivered to them. | 1.0 |
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 7(1). | 1.0 |
Defines conformance and assessment criteria for verifying that an organization employs organization-defined monitoring tools to detect indicators of denial of service attacks against the information system. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system manages excess capacity, bandwidth, or other redundancy to limit the effects of information flooding denial of service attacks. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization monitors organization-defined information system resources to determine whether sufficient resources exist to prevent effective denial of service attacks. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system restricts the ability of individuals to launch organization-defined denial of service attacks against other information systems. | 1.0 |
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice PW.1: Design of Software to Meet Security Requirements and Mitigate Security Risks. Requires an organization to identify and evaluate the security requirements for the software; determine what security risks the software is likely to face during operation and how the software's design and architecture should mitigate those risks; and justify any cases where risk-based analysis indicates that security requirements should be relaxed or waived. Addressing security requirements and risks during software design (secure by design) is key to improving software security and also helps improve development efficiency. | 1.1 |
Defines conformance and assessment criteria for verifying that an organization locks the area, room, or storage container used for sensitive information when it is unattended. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization has designated an area, a room, or a storage container as a "controlled area" for the purpose of day-to-day sensitive information access or storage when it cannot meet all of the controls required for establishing a physically secure location. | 1.0 |
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 37(1). | 1.0 |
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 37(5). | 1.0 |
Defines conformance and assessment criteria for verifying that an organization requires inoperable electronic media to be destroyed. | 1.0 |
Addresses requirements for the destruction of subscriber PKI private signature keys. | 1.0 |
Addresses requirements for detection of unauthorized system configuration modification. | 1.0 |
Addresses requirements for detection of unauthorized software modification. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for determination of auditable events as related to overall audit and accountability requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for determination of events to be audited as related to overall audit and accountability requirements. | 1.0 |