Trustmark Definitions (776-800 of 3493)

Trustmark Definition Name Version
Defines conformance and assessment criteria for verifying that an organization employs a detonation chamber capability within organization-defined information system, system component, or location.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to document approved changes to the system, component, or service and the potential security impacts of such changes.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to document, manage, and control the integrity of changes to organization-defined configuration items under configuration management.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to implement only organization-approved changes to the system, component, or service.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to track security flaws and flaw resolution within the system, component, or service and report findings to organization-defined personnel.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to perform configuration management during system, component, or service design.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to perform configuration management during system, component, or service development.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to perform configuration management during system, component, or service implementation.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to perform configuration management during system, component, or service operation.
1.0
Defines conformance and assessment criteria for verifying that in the absence of a dedicated developer configuration management team, an organization provides an alternate configuration management process using organizational personnel.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to enable integrity verification of hardware components.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to maintain the integrity of the mapping between the master build data (hardware drawings and software/firmware code) describing the current version of security-relevant hardware, software, and firmware and the on-site master copy of the data for the current version.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to enable integrity verification of software and firmware components.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to execute procedures for ensuring that security-relevant hardware, software, and firmware updates distributed to the organization are exactly as specified by the master copies.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to employ tools for comparing newly generated versions of security-relevant hardware descriptions and software/firmware source and object code with previous versions.
1.0
Defines conformance and assessment criteria for verifying that an organization requires that the developer of an organization-defined information system, system component, or information system service have appropriate access authorizations as determined by assigned organization-defined official government duties.
1.0
Defines conformance and assessment criteria for verifying that an organization requires that the developer of an organization-defined information system, system component, or information system service satisfy organization-defined additional personnel screening criteria.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to take organization-defined actions to ensure that the required access authorizations and screening criteria are satisfied.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to produce a design specification that is consistent with and supportive of the organization's security architecture which is established within and is an integrated part of the organization's enterprise architecture.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to produce a design specification that accurately and completely describes the required security functionality, and the allocation of security controls among physical and logical components.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to produce a design specification that expresses how individual security functions, mechanisms, and services work together to provide required security capabilities and a unified approach to protection.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to produce a security architecture that is consistent with and supportive of the organization's security architecture which is established within and is an integrated part of the organization's enterprise architecture.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to produce a security architecture that accurately and completely describes the required security functionality, and the allocation of security controls among physical and logical components.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to produce a security architecture that expresses how individual security functions, mechanisms, and services work together to provide required security capabilities and a unified approach to protection.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to: (a) Design and structure the security-relevant hardware, software, and firmware to use a complete, conceptually simple protection mechanism with precisely defined semantics; and (b) Internally structure the security-relevant hardware, software, and firmware with specific regard for this mechanism.
1.0
This page is also available as JSON and XML.