| Trustmark Definition Name | Version |
|---|---|
|
Defines conformance and assessment criteria for compliance with minimum security requirements for verification of security controls following system maintenance as related to overall maintenance requirements.
|
1.0 |
|
Federation authorities must have mechanisms in place to establish the security, identity, privacy, and interoperability standards for the federation, as well as providing details on how they ensure participants meet those requirements.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization requires that escorts for privileged remote sessions are able to end the session at any time.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization monitors privileged remote sessions.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization requires that escorts for privileged remote sessions are familiar with the system/area in which the work is being performed.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization utilizes VLAN technology to segment VoIP traffic from data traffic.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization maintains audit logs for all virtual machines and hosts and stores the logs outside the hosts' virtual environment.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization isolates host systems from virtual machines.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization employs automated mechanisms to facilitate the maintenance and review of visitor access records.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization establishes implementation guidance for Voice over Internet Protocol (VoIP) technologies based on the potential to cause damage to the information system if used maliciously.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization establishes usage restrictions for Voice over Internet Protocol (VoIP) technologies based on the potential to cause damage to the information system if used maliciously.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization authorizes the use of VoIP within the information system.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization controls the use of VoIP within the information system.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization monitors the use of VoIP within the information system.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization has deployed Voice Over IP (VoIP) on a network that contains unencrypted sensitive information.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization has established usage restrictions and implementation guidance for VoIP technologies.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for vulnerability remediation as related to overall risk assessment requirements.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for vulnerability scanning of information systems as related to overall risk assessment requirements.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization employs automated mechanisms to compare the results of vulnerability scans over time to determine trends in information system vulnerabilities.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization employs vulnerability scanning procedures that can identify the breadth and depth of coverage (i.e., information system components scanned and vulnerabilities checked).
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization correlates the output from vulnerability scanning tools to determine the presence of multi-vulnerability/multi-hop attack vectors.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization determines what information about the information system is discoverable by adversaries and subsequently takes corrective actions.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an information system implements privileged access authorization to organization-identified information system components for selected organization-defined vulnerability scanning activities.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization reviews historic audit logs to determine if a vulnerability identified in the information system has been previously exploited.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization updates the information system vulnerabilities scanned at an organization-defined frequency, prior to a new scan, or when new vulnerabilities are identified and reported.
|
1.0 |
