Trustmark Definitions (101-125 of 3325)

| Trustmark Definition | Version |
|---|---|
| Credential Service Providers must have a written policy and/or procedure describing how a trusted referee is determined and describing the lifecycle by which they retain their status. | 1.0 |
| Defines conformance and assessment criteria for verifying that an information system includes components that proactively seek to identify malicious websites and/or web-based malicious code. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization identifies potential accessibility problems to the alternate storage site in the event of an area-wide disruption or disaster and outlines explicit mitigation actions. | 1.0 |
| Addresses the requirement for organization PKI certificate authorities to revoke any certificates issued to a subscriber affiliated with a given entity when the entity no longer authorizes the affiliation. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization reviews information system changes to determine whether unauthorized changes have occurred. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization provides emergency lighting for all areas within the facility supporting essential missions and business functions. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization reviews historic audit logs to determine if a vulnerability identified in the information system has been previously exploited. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization partitions the information system into organization-defined information system components residing in separate physical domains or environments based on organization-defined circumstances for physical separation of components. | 1.0 |
| Addresses the requirement for all FIPS-approved signature algorithms to be considered acceptable. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization reviews and updates the baseline configuration of the information system. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization employs automated mechanisms to conduct maintenance. | 1.0 |
| Addresses the requirements for limiting the validity period of PKI Certificate Status Server certificates that provide revocation status. | 1.0 |
| Defines conformance and assessment criteria for verifying that personal firewalls employed by the organization filter incoming traffic by IP address. | 1.0 |
| Addresses the requirements for the expiration of PIV-I subscriber certificates. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization explicitly authorizes the execution of privileged commands and access to security-relevant information via remote access. | 1.0 |
| Defines privacy requirements for organizations to document their procedures for handling individuals' requests for correction involving information the organization has disclosed and can change because it originated the information. | 1.0 |
| Addresses requirements for detection of unauthorized software modification. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization employs organization-defined out-of-band channels for the physical delivery or electronic transmission of organization-defined information, information system components, or devices to organization-defined individuals or information systems. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization employs organization-defined security safeguards to validate that the information system or system component received is genuine and has not been altered. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization develops an organization-wide information security program plan that provides an overview of the requirements for the security program. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization employs virus protection mechanisms to detect and eradicate malicious code (e.g., viruses, worms, Trojan horses) on all servers. | 1.0 |
| Addresses the requirement that CAs must not issue subscriber certificates that extend beyond the expiration date of their own certificates and public keys. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization determines and documents the legal authority that permits the general maintenance of personally identifiable information (PII). | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization employs red team exercises to simulate attempts by adversaries to compromise organizational information systems in accordance with organization-defined rules of engagement. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization employs redundant power cabling paths that are physically separated by an organization-defined distance. | 1.0 |