Trustmark Definitions (2801-2825 of 3247)

| Trustmark Definition Name | Version |
| --- | --- |
| Defines conformance and assessment criteria for verifying that an organization's security awareness training addresses the reporting of security events and weaknesses. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization's security awareness training addresses risks associated with handling sensitive information. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization's security awareness training addresses visitor control and physical access. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization provides training on insider threats. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization includes practical exercises in security awareness training that simulate actual cyber attacks. | 1.0 |
| Addresses the requirement for security checks of unattended facilities housing Organization CA equipment. | 1.0 |
| Addresses the requirement for security checks of unattended facilities housing remote workstations used to administer the Organization CA. | 1.0 |
| Addresses the requirement for security checks to verify the area is secured against unauthorized access. | 1.0 |
| Addresses the requirement for security checks to verify equipment state related to cryptographic modules. | 1.0 |
| Addresses the requirement for security checks to verify that physical security systems (e.g., door locks, vent covers) are functioning properly. | 1.0 |
| Addresses the requirement for security checks to verify that security containers are properly secured. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization develops a security Concept of Operations (CONOPS) for the information system containing at a minimum, how the organization intends to operate the system from the perspective of information security. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization reviews and updates the security Concept of Operations (CONOPS) for the information system at an organization-defined frequency. | 1.0 |
| Addresses the requirement for the strength of the security controls to be commensurate with the level of threat in the device's environment. | 1.0 |
| Defines conformance and assessment criteria for compliance with minimum security requirements for security documentation protection as related to overall system and services acquisition requirements. | 1.0 |
| Defines conformance and assessment criteria for compliance with minimum security requirements for security documentation requirements as related to overall system and services acquisition requirements. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization applies information system security engineering principles in the specification, design, development, implementation, and modification of the information system. | 1.0 |
| Defines conformance and assessment criteria for verifying that the organization manages evidence related to security incidents in conformance with the rules in the relevant jurisdiction(s). | 1.0 |
| Defines conformance and assessment criteria for verifying that an information system isolates security functions from non-security functions. | 1.0 |
| Defines conformance and assessment criteria for verifying that an information system isolates security functions enforcing access and information flow control from nonsecurity functions and from other security functions. | 1.0 |
| Defines conformance and assessment criteria for verifying that an information system utilizes underlying hardware separation mechanisms to implement security function isolation. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization implements security functions as a layered structure minimizing interactions between layers of the design and avoiding any dependence by lower layers on the functionality or correctness of higher layers. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization minimizes the number of nonsecurity functions included within the isolation boundary containing security functions. | 1.0 |
| Defines conformance and assessment criteria for verifying that an organization implements security functions as largely independent modules that maximize internal cohesiveness within modules and minimize coupling between modules. | 1.0 |
| Defines conformance and assessment criteria for verifying that an information system notifies organization-defined personnel or roles of failed security verification tests. | 1.0 |