Trustmark Definitions (351-375 of 3247)

Trustmark Definition Name Version
Defines conformance and assessment criteria for verifying that an information system audits the identity of internal users associated with denied communications.
1.0
Defines conformance and assessment criteria for verifying that an information system enforces adherence to protocol formats.
1.0
Defines conformance and assessment criteria for verifying that an information system blocks both inbound and outbound communications traffic between organization-defined communication clients that are independently configured by end users and external service providers.
1.0
Defines conformance and assessment criteria for verifying that an information system denies network communications traffic by default at managed interfaces and allows network communications traffic by exception (i.e., deny all, permit by exception).
1.0
Defines conformance and assessment criteria for verifying that an information system disables feedback to senders on protocol format validation failure.
1.0
Defines conformance and assessment criteria for verifying that an information system provides the capability to dynamically isolate/segregate organization-defined information system components from other components of the system.
1.0
Defines conformance and assessment criteria for verifying that an organization documents each exception to the traffic flow policy with a supporting mission/business need and duration of that need.
1.0
Defines conformance and assessment criteria for verifying that an organization implements a managed interface for each external telecommunication service.
1.0
Defines conformance and assessment criteria for verifying that an organization protects the confidentiality and integrity of the information being transmitted across each interface.
1.0
Defines conformance and assessment criteria for verifying that an organization reviews exceptions to the traffic flow policy at an organization-defined frequency and removes exceptions that are no longer supported by an explicit mission/business need.
1.0
Defines conformance and assessment criteria for verifying that an organization establishes a traffic flow policy for each managed interface.
1.0
Defines conformance and assessment criteria for verifying that an information system fails securely in the event of an operational failure of a boundary protection device.
1.0
Defines conformance and assessment criteria for verifying that an organization implements organization-defined host-based boundary protection mechanisms at organization-defined information system components.
1.0
Defines conformance and assessment criteria for verifying that an organization employs boundary protection mechanisms to separate organization-defined information system components supporting organization-defined missions and/or business functions.
1.0
Defines conformance and assessment criteria for verifying that an organization isolates organization-defined information security tools, mechanisms, and support components from other internal information system components by implementing physically separate subnetworks with managed interfaces to other components of the system.
1.0
Defines conformance and assessment criteria for verifying that an information system prevents discovery of specific system components composing a managed interface.
1.0
Defines conformance and assessment criteria for verifying that an information system, in conjunction with a remote device, prevents the device from simultaneously establishing non-remote connections with the system and communicating via some other connection to resources in external networks.
1.0
Defines conformance and assessment criteria for verifying that an organization prevents the unauthorized exfiltration of information across managed interfaces.
1.0
Defines conformance and assessment criteria for verifying that an organization protects against unauthorized physical connections at organization-defined managed interfaces.
1.0
Defines conformance and assessment criteria for verifying that an information system only allows incoming communications from organization-defined authorized sources to be routed to organization-defined authorized destinations.
1.0
Defines conformance and assessment criteria for verifying that an information system detects and denies outgoing communications traffic posing a threat to external information systems.
1.0
Defines conformance and assessment criteria for verifying that an information system routes all networked, privileged accesses through a dedicated, managed interface for purposes of access control and auditing.
1.0
Defines conformance and assessment criteria for verifying that an information system routes organization-defined internal communications traffic to organization-defined external networks through authenticated proxy servers at managed interfaces.
1.0
Defines conformance and assessment criteria for verifying that an information system implements separate network addresses (i.e., different subnets) to connect to systems in different security domains.
1.0
Specifies that a health care related organization's contract must provide that the business associate will comply with the applicable requirements of this subpart (Section 164.300-399).
1.0