Trustmark Definitions (2826-2850 of 3247)

Trustmark Definition Name Version
Defines conformance and assessment criteria for verifying that an information system verifies the correct operation of organization-defined security functions upon organization-defined system transitional states.
1.0
Defines conformance and assessment criteria for verifying that an information system verifies the correct operation of organization-defined security functions upon command by user with appropriate privilege.
1.0
Defines conformance and assessment criteria for verifying that an information system verifies the correct operation of organization-defined security functions at an organization-defined frequency.
1.0
Defines conformance and assessment criteria for verifying that an information system performs organization-defined action(s) when anomalies are discovered.
1.0
Defines conformance and assessment criteria for verifying that an information system restarts the information system when anomalies are discovered.
1.0
Defines conformance and assessment criteria for verifying that an information system shuts the information system down when anomalies are discovered.
1.0
Defines conformance and assessment criteria for verifying that an information system verifies the correct operation of organization-defined security functions.
1.0
Defines conformance and assessment criteria for verifying that an information system implements automated mechanisms to support the management of distributed security testing.
1.0
Defines conformance and assessment criteria for verifying that an organization reports the results of security function verification to organization-defined personnel or roles.
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for security functional requirements as related to overall system and services acquisition requirements.
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for security impact analysis as related to overall configuration management requirements.
1.0
Defines conformance and assessment criteria for verifying that an organization analyzes changes to the information system in a separate test environment before implementation in an operational environment, looking for security impacts due to flaws, weaknesses, incompatibility, or intentional malice.
1.0
Defines conformance and assessment criteria for verifying that an organization, after the information system is changed, checks the security functions to verify that the functions are implemented correctly, operating as intended, and producing the desired outcome with regard to meeting the security requirements for the system.
1.0
Specifies that a health care related organization must have policies to document security incidents and their outcomes.
1.0
Specifies that a health care related organization must implement procedures to document security incidents and their outcomes.
1.0
Specifies that a health care related organization must have policies to identify suspected or known security incidents.
1.0
Specifies that a health care related organization must implement procedures to identify suspected or known security incidents.
1.0
Specifies that a health care related organization must have policies to mitigate, to the extent practicable, harmful effects of known security incidents.
1.0
Specifies that a health care related organization must implement procedures to mitigate, to the extent practicable, harmful effects of known security incidents.
1.0
Specifies that a health care related organization must have policies to respond to suspected or known security incidents.
1.0
Specifies that a health care related organization must implement procedures to respond to suspected or known security incidents.
1.0
Specifies that a health care related organization must implement procedures to regularly review information system activity (i.e., audit logs, access reports, and security incident tracking reports).
1.0
Specifies that a health care related organization must apply appropriate sanctions against employees who fail to comply with the security policies and procedures of the organization.
1.0
Specifies that a health care related organization must conduct an accurate and thorough assessment of the potential risks and vulnerabilities to protected health information.
1.0
Specifies that a health care related organization must protect against any reasonably anticipated uses or disclosures of protected health information that are not allowed under the Privacy Rule.
1.0