Trustmark Definitions (2926-2950 of 3247)

Trustmark Definition Name Version
Defines conformance and assessment criteria for verifying that an organization incorporates the detection of unauthorized organization-defined security-relevant changes to the information system into the organizational incident response capability.
1.0
Defines conformance and assessment criteria for verifying that an organization requires that the integrity of organization-defined user-installed software be verified prior to execution.
1.0
Defines conformance and assessment criteria for verifying that an information system performs an integrity check of organization-defined firmware at an organization-defined frequency.
1.0
Defines conformance and assessment criteria for verifying that an information system performs an integrity check of organization-defined information at an organization-defined frequency.
1.0
Defines conformance and assessment criteria for verifying that an information system performs an integrity check of organization-defined software at an organization-defined frequency.
1.0
Defines conformance and assessment criteria for verifying that an information system implements organization-defined security safeguards to protect the integrity of boot firmware in organization-defined devices.
1.0
Defines conformance and assessment criteria for verifying that an information system performs an integrity check of organization-defined software at startup.
1.0
Defines conformance and assessment criteria for verifying that an information system performs an integrity check of organization-defined software at organization-defined transitional states.
1.0
Defines conformance and assessment criteria for verifying that an information system performs an integrity check of organization-defined software upon occurrence of security-relevant events.
1.0
Defines conformance and assessment criteria for verifying that an organization does not allow processes to execute without supervision for more than an organization-defined time period.
1.0
Defines conformance and assessment criteria for verifying that an organization prohibits the use of binary or machine-executable code from sources with limited or no warranty and without the provision of source code.
1.0
Addresses requirements for software to be verified as being that supplied by the vendor.
1.0
Addresses requirements for software to be verified as the intended version when first loaded.
1.0
Defines conformance and assessment criteria for verifying that an information system verifies the integrity of the boot process of organization-defined devices.
1.0
Defines conformance and assessment criteria for verifying that an organization implements spam protection.
1.0
Defines conformance and assessment criteria for verifying that an organization employs spam protection mechanisms at information system entry points to detect and take action on unsolicited messages.
1.0
Defines conformance and assessment criteria for verifying that an organization employs spam protection mechanisms at information system exit points to detect and take action on unsolicited messages.
1.0
Defines conformance and assessment criteria for verifying that an organization updates spam protection mechanisms when new releases are available in accordance with organizational configuration management policy and procedures.
1.0
Defines conformance and assessment criteria for verifying that an information system automatically updates spam protection mechanisms.
1.0
Defines conformance and assessment criteria for verifying that an organization centrally manages spam protection mechanisms.
1.0
Defines conformance and assessment criteria for verifying that an information system implements spam protection mechanisms with a learning capability to more effectively identify legitimate communications traffic.
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for specified privileges for each account as related to overall access control requirements.
1.0
Addresses the requirement for organization PKI certificate authorities (CAs) to record identity information for a sponsor associated with the role before issuing a role-based certificate.
1.0
Addresses the requirement for human sponsors of devices named as PKI certificate subjects to provide their contact information to enable the CA or RA to communicate with the sponsor when required.
1.0
Addresses the requirement for human sponsors of devices named as PKI certificate subjects to provide the devices' equipment attributes if they are to be included in the certificate.
1.0