Trustmark Definitions (801-825 of 3493)

Trustmark Definition Name Version
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to describe the security-relevant hardware, software, and firmware mechanisms not addressed in the formal top-level specification but strictly internal to the security-relevant hardware, software, and firmware.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to produce, as an integral part of the development process, a formal top-level specification that specifies the interfaces to security-relevant hardware, software, and firmware in terms of exceptions, error messages, and effects.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to show via proof to the extent feasible with additional informal demonstration as necessary, that the formal top-level specification is consistent with the formal policy model.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to show via informal demonstration, that the formal top-level specification completely covers the interfaces to security-relevant hardware, software, and firmware.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to show that the formal top-level specification is an accurate description of the implemented security-relevant hardware, software, and firmware.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to produce, as an integral part of the development process, a formal policy model describing the organization-defined elements of organizational security policy to be enforced.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to prove that the formal policy model is internally consistent and sufficient to enforce the defined elements of the organizational security policy when implemented.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to describe the security-relevant hardware, software, and firmware mechanisms not addressed in the descriptive informal top-level specification but strictly internal to the security-relevant hardware, software, and firmware.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to produce, as an integral part of the development process, an informal descriptive top-level specification that specifies the interfaces to security-relevant hardware, software, and firmware in terms of exceptions, error messages, and effects.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to show via informal demonstration or convincing argument with formal methods as feasible, that the descriptive informal top-level specification is consistent with the formal policy model.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to show via informal demonstration, that the descriptive informal top-level specification completely covers the interfaces to security-relevant hardware, software, and firmware.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to show that the descriptive informal top-level specification is an accurate description of the interfaces to security-relevant hardware, software, and firmware.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to: (a) Define security-relevant hardware, software, and firmware; and (b) Provide a rationale that the definition for security-relevant hardware, software, and firmware is complete.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to structure security-relevant hardware, software, and firmware to facilitate controlling access with least privilege.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to structure security-relevant hardware, software, and firmware to facilitate testing.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to create a security assessment plan.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to correct flaws identified during security testing/evaluation.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to implement a verifiable flaw remediation process.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to implement a security assessment plan.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to perform integration testing/evaluation at an organization-defined level of depth and coverage.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to perform regression testing/evaluation at an organization-defined level of depth and coverage.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to produce the results of the security testing/evaluation.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to produce evidence of the execution of the security assessment plan.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to perform system testing/evaluation at an organization-defined level of depth and coverage.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to perform unit testing/evaluation at an organization-defined level of depth and coverage.
1.0