| Trustmark Definition Name | Version |
|---|---|
|
Defines conformance and assessment criteria for verifying that an organization ensures that security attribute associations are made and retained with the information.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization establishes the permitted organization-defined security attributes for organization-defined information systems.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization determines the permitted organization-defined values or ranges for each of the established security attributes.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an information system supports the association of organization-defined security attributes with organization-defined subjects and objects by authorized individuals (or processes acting on behalf of individuals).
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an information system implements organization-defined techniques or technologies with organization-defined level of assurance in associating security attributes to information.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an information system provides authorized individuals the capability to define or change the type and value of security attributes available for association with subjects and objects.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an information system displays security attributes in human-readable form on each object that the system transmits to output devices to identify organization-identified special dissemination, handling, or distribution instructions using organization-identified human-readable, standard naming conventions.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization ensures that security attributes associated with information are reassigned only via re-grading mechanisms validated using organization-defined techniques or procedures.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an information system provides authorized individuals (or processes acting on behalf of individuals) the capability to define or change the value of associated security attributes.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization provides a consistent interpretation of security attributes transmitted between distributed information system components.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an information system dynamically associates security attributes with organization-defined subjects and objects in accordance with organization-defined security policies as information is created and combined.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization allows personnel to associate, and maintain the association of organization-defined security attributes with organization-defined subjects and objects in accordance with organization-defined security policies.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an information system maintains the association and integrity of organization-defined security attributes to organization-defined subjects and objects.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization provides the means to associate organization-defined types of security attributes having organization-defined security attribute values, with information in storage, in process, and/or in transmission.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization designates individuals to fulfill specific roles and responsibilities within the organizational risk management process.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization fully integrates the security authorization processes into an organization-wide risk management program.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization manages (i.e., documents, tracks, and reports) the environments in which organizational information systems operate through security authorization processes.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization manages (i.e., documents, tracks, and reports) the security state of organizational information systems through security authorization processes.
|
1.0 |
|
Specifies that a health care related organization must implement procedures for monitoring login attempts and reporting discrepancies.
|
1.0 |
|
Specifies that a health care related organization must implement procedures for creating, changing, and safeguarding passwords.
|
1.0 |
|
Specifies that a health care related organization must implement procedures for guarding against, detecting, and reporting malicious software.
|
1.0 |
|
Specifies that a health care related organization must send periodic security updates or reminders to its workforce.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization's security awareness training addresses access control.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization's security awareness training addresses media protection.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization's security awareness training addresses physical security.
|
1.0 |
