| Trustmark Definition Name | Version |
|---|---|
|
This Trustmark Definition defines conformance and assessment criteria for verifying that an organization, if information system component failures are detected, ensures that the standby components are successfully and transparently installed within organization-defined time period.
|
1.0 |
|
This Trustmark Definition defines conformance and assessment criteria for compliance with minimum security requirements for maintenance of physical access logs as related to overall physical and environmental protection requirements.
|
1.0 |
|
This Trustmark Definition addresses the requirement for organizations to document duties and procedures for PKI Trusted Roles.
|
1.0 |
|
This Trustmark Definition addresses the requirement for hardware updates to be purchased or developed in the same manner as original equipment.
|
1.0 |
|
This Trustmark Definition addresses the requirement for organizations to require device PKI certificate subscribers to re-establish identity for re-keying through means commensurate with the certificate's strength.
|
1.0 |
|
This Trustmark Definition addresses the requirement that for organization PKI certificate authorities (CAs), the authentication of the Subscriber must meet the requirements specified for Subscriber authentication in the Organization CP.
|
1.0 |
|
This Trustmark Definition addresses the requirement for software updates to be purchased or developed in the same manner as original equipment.
|
1.0 |
|
This Trustmark Definition defines conformance and assessment criteria for verifying that an organization ensures that cellular devices are configured for local device authentication in accordance with Section 5.13.9.1 of the CJIS Security Policy.
|
1.0 |
|
Relying Parties should only use an assertion for a single login event.
|
1.0 |
|
This Trustmark Definition defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to:
(a) Define quality metrics at the beginning of the development process; and
(b) Provide evidence of meeting the quality metrics [Selection (one or more): organization-defined frequency; organization-defined program review milestones; upon delivery.
.
|
1.0 |
|
This Trustmark Definition addresses privacy requirements that the means the sensitive information controller offers individuals for limiting the disclosure of their sensitive information is included in statements with respect to it.
|
1.0 |
|
This Trustmark Definition defines conformance and assessment criteria for verifying that the CJIS Agency Coordinator maintains up-to-date records of Contractor's employees who access the system.
|
1.0 |
|
This Trustmark Definition addresses the requirement for OCSP responders that generate signatures on OCSP responses to only provide pre-produced signed responses using SHA-1.
|
1.0 |
|
This Trustmark Definition defines conformance and assessment criteria for verifying that an organization enforces physical access authorizations to the information system in addition to the physical access controls for the facility.
|
1.0 |
|
This Trustmark Definition defines conformance and assessment criteria for verifying that an information system provides physical disconnect of collaborative computing devices in a manner that supports ease of use.
|
1.0 |
|
This Trustmark Definition defines conformance and assessment criteria for compliance with minimum security requirements for security impact analysis as related to overall configuration management requirements.
|
1.0 |
|
This Trustmark Definition maps to the LOA 2 and LOA 3 Privacy Activity Tracking trust criteria of the FICAM Trust Framework Provider Adoption Process.
|
1.0 |
|
This Trustmark Definition defines conformance and assessment criteria for compliance with minimum security requirements for system contingency plan full restoration as related to overall contingency planning requirements.
|
1.0 |
|
Relying Parties should not assume subject identifiers transmitted by IdPs are globally unique as it could cause conflicts with values transmitted by other IdPs.
|
1.0 |
|
This Trustmark Definition defines conformance and assessment criteria for verifying that an organization ensures that the information system media downgrading process is commensurate with the security category and/or classification level of the information to be removed and the access authorizations of the potential recipients of the downgraded information.
|
1.0 |
|
This Trustmark Definition defines conformance and assessment criteria for verifying that an organization's CSO has set standards for the selection, supervision, and separation of personnel who have access to CJI.
|
1.0 |
|
This Trustmark Definition defines conformance and assessment criteria for verifying that an organization protects the information system from information leakage due to electromagnetic signals emanations.
|
1.0 |
|
This Trustmark Definition addresses the requirement for CA Hardware cryptographic modules to be removed when not in use.
|
1.0 |
|
This Trustmark Definition defines conformance and assessment criteria for verifying that an organization implements a process for receiving and responding to complaints, concerns, or questions from individuals about the organizational privacy practices.
|
1.0 |
|
This Trustmark Definition defines conformance and assessment criteria for compliance with minimum security requirements for physical separation of publicly accessible information system components as related to overall system and communications protection requirements.
|
1.0 |
