Trustmark Definition Name | Version |
---|---|
Defines conformance and assessment criteria for verifying that an information system protects the availability of resources by allocating organization-defined resources by priority, quota, and/or organization-defined security safeguards. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system provides a warning when audit record storage is low. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system enforces configurable network communications traffic volume thresholds reflecting limits on auditing capacity and rejects or delays network traffic above those thresholds. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system provides an alert on audit failure events. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system invokes a full system shutdown, partial system shutdown, or degraded operational mode in the event of audit failures, unless an alternate audit capability exists. | 1.0 |
Addresses the requirement that a person shall be made explicitly responsible for making security checks. | 1.0 |
This Trustmark Definition defines conformance and assessment criteria for compliance with requirements for organizations to assign responsibility for their PKI Certificate Authority operations. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization restricts privileged accounts to identified personnel or roles. | 1.0 |
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 29. | 1.0 |
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 48. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization only permits the use of shared/group accounts that meet organization-defined conditions for establishing shared/group accounts. | 1.0 |
Specifies that a covered entity must have policies and procedures to not intimidate, threaten, coerce, discriminate against, or take other retaliatory action against any individual. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for retention of individual training records as related to overall awareness and training requirements. | 1.0 |
Addresses requirements for retention and protection of old PKI Certificate Authority private signing keys. | 1.0 |
Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 28(3)(f). | 1.0 |
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice PW.4: Reuse of Existing, Well-Secured Software When Feasible Instead of Duplicating Functionality. Requires an organization to lower the costs of software development, expedite software development, and decrease the likelihood of introducing additional security vulnerabilities into the software by reusing software modules and services that have already had their security posture checked. This is particularly important for software that implements security functionality, such as cryptographic modules and protocols. | 1.1 |
Defines conformance and assessment criteria for compliance with minimum security requirements for review and update of access agreements as related to overall personnel security requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for review and update of identification and authentication policy as related to overall identification and authentication requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for review and update of identification and authentication procedures as related to overall identification and authentication requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for review and update of incident response policy as related to overall incident response requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for review and update of incident response procedures as related to overall incident response requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for review and update of media protection policy as related to overall media protection requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for review and update of media protection procedures as related to overall media protection requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for review and update of personnel security policy as related to overall personnel security requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for review and update of personnel security procedures as related to overall personnel security requirements. | 1.0 |