| Trustmark Definition Name | Version |
|---|---|
|
This Trustmark Definition defines conformance and assessment criteria for compliance with minimum security requirements for systems to finish pending actions on loss of air conditioning.
|
1.0 |
|
This Trustmark Definition defines conformance and assessment criteria for compliance with minimum security requirements for systems to finish pending actions on power loss.
|
1.0 |
|
This Trustmark Definition defines conformance and assessment criteria for compliance with minimum security requirements for systems to record the state of equipment on loss of air conditioning.
|
1.0 |
|
This Trustmark Definition defines conformance and assessment criteria for compliance with minimum security requirements for systems to record the state of equipment on power loss.
|
1.0 |
|
Addresses the requirement for organizations to backup their CA private signature keys.
|
1.0 |
|
Addresses the requirement for off-site storage of organization CA private signature key backups.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for backup of system documentation as related to overall contingency planning requirements.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for backup of system information as related to overall contingency planning requirements.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for backup of user information as related to overall contingency planning requirements.
|
1.0 |
|
Addresses the requirement for the backup shall be stored at a site with physical controls commensurate to that of the operational system.
|
1.0 |
|
Addresses the requirement for the backup shall be stored at a site with procedural controls commensurate to that of the operational system.
|
1.0 |
|
Defines conformance and assessment criteria for compliance with minimum security requirements for baseline configuration as related to overall configuration management requirements.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization employs automated mechanisms to maintain an up-to-date, complete, accurate, and readily available baseline configuration of the information system.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization issues information systems, system components, or devices with organization-defined configurations to individuals traveling to locations that the organization deems to be of significant risk.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization applies security safeguards to information systems, system components, or devices issued to individuals when they return from locations that the organization deems to be of significant risk.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization maintains a baseline configuration for information system development and test environments that is managed separately from the operational baseline configuration.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization retains [Assignment: organization-defined previous versions of baseline configurations of the information system] to support rollback.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization reviews and updates the baseline configuration of the information system.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization reviews and updates the baseline configuration of the information system as an integral part of information system component installations and upgrades.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization reviews and updates the baseline configuration of the information system when required due to organization-defined circumstances.
|
1.0 |
|
Addresses the requirement for bi-annual PKI compliance audits.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization's security policy addresses the use of Bluetooth and its associated devices.
|
1.0 |
|
Used to demonstrate that an agency or organization is NOT part of the United States federal government, and therefore is not subject to certain rules and regulations that pertain to U.S. federal agencies.
|
1.0 |
|
Defines the requirement for verifying that an organization is a health care provider under HIPAA law by verifying the National Provider Identifier requirement.
|
1.0 |
|
Defines conformance and assessment criteria for verifying that an organization limits the number of external network connections to the information system.
|
1.0 |
