Trustmark Definitions (76-100 of 3247)

Trustmark Definition Name Version
Defines privacy requirements for organizations to ensure that parties most able to mitigate potential privacy risks are motivated to do so.
1.0
Defines privacy requirements for organizations to ensure that parties most able to mitigate potential privacy violation incidents are motivated to do so.
1.0
Defines privacy requirements related to monitoring for providing notice of privacy violations or security breaches.
1.0
Defines privacy requirements for enforcing adherence to privacy policies through sanctions for policy violations.
1.0
Defines privacy requirements for organizations to promote accountability for how sensitive information is shared.
1.0
Defines privacy requirements for organizations to ensure that parties most able to mitigate potential privacy risks are trained to do so.
1.0
Defines privacy requirements for organizations to ensure that parties most able to mitigate potential privacy violation incidents are trained to do so.
1.0
Addresses the requirement for accountability for the location of PKI hardware modules until subscribers accept possession.
1.0
Addresses backup handling for keys used with PKI.
1.0
Specifies that a covered entity must have policies and procedures to permit an individual to receive an accounting of disclosures of protected health information made by a covered entity in the six years prior to the date on which the accounting is requested, except for certain disclosures.
1.0
Addresses the requirement for all copies of CA private signature keys to be accounted for in the same manner as the original.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to produce a plan for the continuous monitoring of security control effectiveness that contains an organization-defined level of detail.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to provide design and implementation information for the security controls to be employed that includes: security-relevant external system interfaces, high-level design, low-level design, source code or hardware schematics, or other organization-defined design/implementation information.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to demonstrate the use of a system development life cycle that includes organization-defined state-of-the-practice system/security engineering methods, software development methods, testing/evaluation/validation techniques, and quality control processes.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to provide a description of the functional properties of the security controls to be employed.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to identify, early in the system development life cycle, the functions, ports, protocols, and services intended for organizational use.
1.0
Defines conformance and assessment criteria for verifying that an organization: (a) Limits the use of commercially provided information assurance (IA) and IA-enabled information technology products to those products that have been successfully evaluated against a National Information Assurance Partnership (NIAP)-approved Protection Profile for a specific technology type, if such a profile exists; and (b) Requires, if no NIAP-approved Protection Profile exists for a specific technology type but a commercially provided information technology product relies on cryptographic functionality to enforce its security policy, that the cryptographic module is FIPS-validated.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to: (a) Deliver the system, component, or service with organization-defined security configurations implemented; and (b) Use the configurations as the default for any subsequent system, component, or service reinstallation or upgrade.
1.0
Defines conformance and assessment criteria for verifying that an organization: (a) Employs only government off-the-shelf (GOTS) or commercial off-the-shelf (COTS) information assurance (IA) and IA-enabled information technology products that compose an NSA-approved solution to protect U.S. classified information when the networks used to transmit the information are at a lower classification level than the information being transmitted; and (b) Ensures that these products have been evaluated and/or validated by NSA or in accordance with NSA-approved procedures.
1.0
Defines conformance and assessment criteria for verifying that an organization uses spam and spyware protection mechanisms to detect and take appropriate action on unsolicited messages and spyware/adware, respectively, transported by electronic mail, electronic mail attachments, Internet accesses, removable media (e.g. diskettes or compact disks) or other removable media.
1.0
This Trustmark Definition enables organizations to be assessed and demonstrate that activation data for PKI subscriber private keys is biometric in nature.
1.0
This Trustmark Definition enables organizations to be assessed and demonstrate that memorization of activation data for PKI subscriber private keys is used to protect it from disclosure.
1.0
Addresses the requirement to protect data used to unlock PKI subscriber private keys from disclosure.
1.0
This Trustmark Definition enables organizations to be assessed and demonstrate that activation data for PKI subscriber private keys is recorded and secured at the level of assurance associated with the activation of the cryptographic module.
1.0
Addresses the requirement for PKI subscriber private key activation data to not be stored with the associated cryptographic module.
1.0
This page is also available as JSON and XML.