Trustmark Definitions (176-200 of 3325)

Trustmark Definition Name Version
Addresses the requirement for an organization to require an auditable chain of custody when information is sent to a CA to confirm Subscriber attributes.
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for incident handling - lessons learned as related to overall incident response requirements.
1.0
Defines conformance and assessment criteria for verifying that an information system prevents the installation of unsigned software and firmware components.
1.0
Defines conformance and assessment criteria for verifying that personal firewalls employed by the organization manage program access to the Internet.
1.0
Defines conformance and assessment criteria for verifying that an organization's information systems log successful and unsuccessful attempts to change account passwords.
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for information system security categorization review and approval as related to overall risk assessment requirements.
1.0
Defines conformance and assessment criteria for verifying that an organization provides means, where feasible and appropriate, for individuals to authorize the collection of personally identifiable information (PII) prior to its collection.
1.0
Defines conformance and assessment criteria for verifying that an information system validates the binding of the information reviewer identity to the information at the transfer or release points prior to release/transfer between organization-defined security domains.
1.0
Defines conformance and assessment criteria for verifying that an information system automatically audits and sends notifications for actions affecting accounts.
1.0
Addresses naming requirements for End Entity certificates issued for PIV-I cards.
1.0
Defines conformance and assessment criteria for verifying that an information system terminates shared/group account credentials when members leave the group.
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for dissemination of system maintenance procedures as related to overall maintenance requirements.
1.0
Defines privacy requirements for organizations to ensure that parties most able to mitigate potential privacy risks are equipped to do so.
1.0
Defines conformance and assessment criteria for verifying that an information system provides a warning when audit record storage is low.
1.0
Defines conformance and assessment criteria for verifying that an organization's baseline security awareness training for authorized personnel with access to sensitive information addresses threats, vulnerabilities, and risks associated with accessing systems and services processing sensitive information.
1.0
Defines conformance and assessment criteria for verifying that an organization issues guidelines ensuring and maximizing quality of disseminated information.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to describe the security-relevant hardware, software, and firmware mechanisms not addressed in the descriptive informal top-level specification but strictly internal to the security-relevant hardware, software, and firmware.
1.0
Defines privacy requirements for organizations to document the conditions under which access to and disclosure of records they retain will be provided for specific purposes in response to requests by persons authorized by law.
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for assessment of security controls as related to overall certification, accreditation, and security assessments requirements.
1.0
Defines privacy requirements related to organizations providing individuals with mechanisms to exercise choice with respect to their sensitive information.
1.0
Defines privacy requirements for organizations to keep a record of dates when information is to be removed if not validated prior to the end of its period.
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for authenticator revocation as related to overall identification and authentication requirements.
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for temperature and humidity controls as related to overall physical and environmental protection requirements.
1.0
Credential Service Providers must collect evidence of the applicant's identity prior to credential issuance. This evidence must meet guidance specified for moderate assurance.
1.0
Specifies that if an organization is a health care clearinghouse that is part of a larger organization, the clearinghouse must implement procedures that protect the electronic protected health information of the clearinghouse from unauthorized access by the larger organization.
1.0