Trustmark Definitions (26-50 of 3301)

Trustmark Definition Name Version
Defines conformance and assessment criteria for compliance with minimum security requirements for maintenance of physical access logs as related to overall physical and environmental protection requirements.
1.0
Defines conformance and assessment criteria for verifying that an organization, if information system component failures are detected, ensures that the standby components are successfully and transparently installed within organization-defined time period.
1.0
Addresses the requirement for organizations to document duties and procedures for PKI Trusted Roles.
1.0
Addresses the requirement for hardware updates to be purchased or developed in the same manner as original equipment.
1.0
Addresses the requirement for organizations to require device PKI certificate subscribers to re-establish identity for re-keying through means commensurate with the certificate's strength.
1.0
Addresses the requirement that for organization PKI certificate authorities (CAs), the authentication of the Subscriber must meet the requirements specified for Subscriber authentication in the Organization CP.
1.0
Addresses the requirement for software updates to be purchased or developed in the same manner as original equipment.
1.0
Defines conformance and assessment criteria for verifying that an organization ensures that cellular devices are configured for local device authentication in accordance with Section 5.13.9.1 of the CJIS Security Policy.
1.0
Relying Parties should only use an assertion for a single login event.
1.0
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to: (a) Define quality metrics at the beginning of the development process; and (b) Provide evidence of meeting the quality metrics [Selection (one or more): organization-defined frequency; organization-defined program review milestones; upon delivery].
1.0
Defines privacy requirements that the means the sensitive information controller offers individuals for limiting the disclosure of their sensitive information is included in statements with respect to it.
1.0
Defines conformance and assessment criteria for verifying that the CJIS Agency Coordinator maintains up-to-date records of Contractor's employees who access the system.
1.0
Addresses the requirement for OCSP responders that generate signatures on OCSP responses to only provide pre-produced signed responses using SHA-1.
1.0
Defines conformance and assessment criteria for verifying that an organization enforces physical access authorizations to the information system in addition to the physical access controls for the facility.
1.0
Defines conformance and assessment criteria for verifying that an information system provides physical disconnect of collaborative computing devices in a manner that supports ease of use.
1.0
Specifies privacy requirements for "End-User Activity Tracking" at Level-of-Assurance 2 (LOA2) and Level-of-Assurance 3 (LOA3) under the Federal Identity, Credential, and Access Management (FICAM) Trust Framework Provider Adoption Process (TFPAP).
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for security impact analysis as related to overall configuration management requirements.
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for system contingency plan full restoration as related to overall contingency planning requirements.
1.0
Relying Parties should not assume subject identifiers transmitted by IdPs are globally unique as it could cause conflicts with values transmitted by other IdPs.
1.0
Defines conformance and assessment criteria for verifying that an organization ensures that the information system media downgrading process is commensurate with the security category and/or classification level of the information to be removed and the access authorizations of the potential recipients of the downgraded information.
1.0
Defines conformance and assessment criteria for verifying that an organization's CSO has set standards for the selection, supervision, and separation of personnel who have access to CJI.
1.0
Defines conformance and assessment criteria for verifying that an organization protects the information system from information leakage due to electromagnetic signals emanations.
1.0
Addresses the requirement for CA Hardware cryptographic modules to be removed when not in use.
1.0
Defines conformance and assessment criteria for verifying that an organization implements a process for receiving and responding to complaints, concerns, or questions from individuals about the organizational privacy practices.
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for physical separation of publicly accessible information system components as related to overall system and communications protection requirements.
1.0
This page is also available as JSON and XML.