| Trustmark Definition Name | Version |
|---|---|
|
Specifies that a health care related organization must protect against any reasonably anticipated threats or hazards to the security or integrity of PHI.
|
1.0 |
|
Specifies that a health care related organization must ensure the confidentiality, integrity, and availability of all electronic protected health information the organization handles.
|
1.0 |
|
Specifies that a health care related organization must ensure compliance with the requirements in the Security Rule for the Protection of Electronic Protected Health Information by its workforce.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for security strength requirements as related to overall system and services acquisition requirements.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an information system prevents access to organization-defined security-relevant information except during secure, non-operable system states.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for selectable audit of events as related to overall audit and accountability requirements.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization appoints a senior information security officer with the mission to coordinate, develop, implement, and maintain an organization-wide information security program.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization appoints a senior information security officer with the resources to coordinate, develop, implement, and maintain an organization-wide information security program.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that access to, use, and dissemination of data from NCIC restricted files consistent with the access, use, and dissemination policies concerning the III described in Title 28, Part 20, CFR, and the NCIC Operating Manual.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that sensitive date is accessed only for authorized purposes.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that sensitive information is only used for authorized purposes consistent with the purpose for which it was accessed.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization encrypts sensitive information when stored in a virtualized environment where it is comingled with other data or segregates and store unencrypted sensitive information within its own secure VM.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization comingles sensitive information with other data in a virtual environment.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that sensitive information is not commercially disseminated.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization prohibits cloud providers from using metadata derived from senitive information for any purpose.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization prohibits cloud providers from using metadata derived from senitive information for advertising or any commercial purpose.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that sensitive information is disseminated only for law enforcement purposes.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization encrypts network traffic between virtual machines processing sensitive information and the host within the virtual environment.
|
1.0 |
|
This Trustmark Definition defines conformance and assessment criteria for compliance with requirements for securing sensitive CA equipment.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an information system provides an explicit indication of sensor use to organization-defined class of users.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an information system prohibits the remote activation of environmental sensing capabilities with the following exceptions: organization-defined exceptions where remote activation of sensors is allowed.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization employs organization-defined measures so that data or information collected by organization-defined sensors is only used for authorized purposes.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization prohibits the use of devices possessing organization-defined environmental sensing capabilities in organization-defined facilities, areas, or systems.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization ensures that the information system is configured so that data or information collected by the organization-defined sensors is only reported to authorized individuals or roles.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization separates duties of individuals.
|
1.0 |
