Trustmark Definition Name | Version |
---|---|
Defines conformance and assessment criteria for verifying that an organization establishes usage restrictions and implementation guidance for organization-defined information system components based on the potential to cause damage to the information system if used maliciously. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for use of external information systems - access from external systems as related to overall access control requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for use of external information systems - external storage, processing, transmission of information as related to overall access control requirements. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization only permits external access when the external systems have met defined security controls. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization requires approved agreements for use of external information systems. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization prohibits the use of organization-defined network accessible storage devices in external information systems. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization restricts or prohibits the use of non-organizationally owned information systems, system components, or devices to process, store, or transmit organizational information. | 1.0 |
Addresses requirements for exclusive use of new PKI Certificate Authority private signing keys. | 1.0 |
Addresses requirements for the use of old PKI Certificate Authority private signing keys. | 1.0 |
Addresses requirements for the use of trademarks in names in organization-issued PKI certificates. | 1.0 |
Defines conformance and assessment criteria for verifying that the organization's user agreements with the FBI CJIS Division have been coordinated with the CSA head. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization requires users to "activate" certificates used for authentication on each use. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization ensures that user-based certificates used for authentication purposes are specific to an individual user and not to a particular device. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization prohibits multiple users from utilizing the same certificate for authentication purposes. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization archives user identifiers. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system provides user logout capabilities. | 1.0 |
Addresses requirements for User Principal Names (UPNs) in PKI certificates to be unique. | 1.0 |
Addresses requirements for User Principal Names (UPNs) in PKI certificates to reflect organizational structures. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system alerts organization-defined personnel or roles when the unauthorized installation of software is detected. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system prohibits user installation of software without explicit privileged status. | 1.0 |
Defines conformance and assessment criteria for verifying that the organization requires users to provide a reason for III inquiries when requested. | 1.0 |
Defines conformance and assessment criteria for verifying that private contractors acknowledge and abide by all aspects of the CJIS Security Addendum. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization requires users to directly initiate session lock mechanisms to prevent inadvertent viewing when a device is unattended. | 1.0 |
Addresses the requirement for PKI CA key pair generation to create a verifiable audit trail that the security requirements for procedures were followed. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for verification of physical access authorizations as related to overall physical and environmental protection requirements. | 1.0 |