| Trustmark Definition Name | Version |
|---|---|
|
This Trustmark Definition specifies a minimum Elliptic Curve key size for private keys use with PKI.
|
1.0 |
|
Addresses the requirement for end-entity certificates shall contain public keys that are at least 160 bits for elliptic curve algorithms.
|
1.0 |
|
This Trustmark Definition specifies a minimum RSA key size for private keys use with PKI.
|
1.0 |
|
This Trustmark Definition specifies a minimum RSA key size for public keys use with PKI.
|
1.0 |
|
Addresses the requirement for all end-entity certificates associated with PKI to contain public keys that conform to NIST SP 800-78.
|
1.0 |
|
Defines privacy requirements related to the enforcement of Safe Harbor Privacy Principles.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for enforcement of software installation policies as related to overall configuration management requirements.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization develops an enterprise architecture with consideration for information security and the resulting risk to individuals.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization develops an enterprise architecture with consideration for information security and the resulting risk to organizational assets.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization develops an enterprise architecture with consideration for information security and the resulting risk to organizational operations.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization develops an enterprise architecture with consideration for information security and the resulting risk to other organizations.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization develops an enterprise architecture with consideration for information security and the resulting risk to the Nation.
|
1.0 |
|
Addresses the requirement for entry of activation data to be protected from disclosure (i.e., the data should not be displayed while it is entered).
|
1.0 |
|
This Trustmark Definition defines conformance and assessment criteria for compliance with minimum security requirements for water damage protection as related to overall physical and environmental protection requirements.
|
1.0 |
|
Addresses the requirement for cryptographic keying material used to sign certificates, CRLs or status information by Organization CAs to be generated in modules validated under international standards equivalent to FIPS 140.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an information system reveals error messages only to organization-defined personnel or roles.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an information system generates error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for escort of visitors as related to overall physical and environmental protection requirements.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for established configuration settings as related to overall configuration management requirements.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for established personnel security requirements as related to overall personnel security requirements.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for established system rules of behavior as related to overall security planning requirements.
|
1.0 |
|
Federation authorities must establish a set of valid federation protocols and/or profiles on which the federation will operate to enable interoperability between federation participants and to fulfill other requirements as needed for the specific technical or business use-cases of the federation.
|
1.0 |
|
Federation authorities must establish with policy and procedures for how their federation operates in terms of FAL, IAL, and AAL, and must define how the federation participants will be assessed for those assurance levels.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for establishment of remote access restrictions as related to overall access control requirements.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for event triggered review of physical access logs as related to overall physical and environmental protection requirements.
|
1.0 |
