Trustmark Definition Name | Version |
---|---|
Defines conformance and assessment criteria for compliance with minimum security requirements for maintenance of physical access logs as related to overall physical and environmental protection requirements. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization, if information system component failures are detected, ensures that the standby components are successfully and transparently installed within organization-defined time period. | 1.0 |
Addresses the requirement for organizations to document duties and procedures for PKI Trusted Roles. | 1.0 |
Addresses the requirement for hardware updates to be purchased or developed in the same manner as original equipment. | 1.0 |
Addresses the requirement for organizations to require device PKI certificate subscribers to re-establish identity for re-keying through means commensurate with the certificate's strength. | 1.0 |
Addresses the requirement that for organization PKI certificate authorities (CAs), the authentication of the Subscriber must meet the requirements specified for Subscriber authentication in the Organization CP. | 1.0 |
Addresses the requirement for software updates to be purchased or developed in the same manner as original equipment. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization ensures that cellular devices are configured for local device authentication in accordance with Section 5.13.9.1 of the CJIS Security Policy. | 1.0 |
Relying Parties should only use an assertion for a single login event. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to: (a) Define quality metrics at the beginning of the development process; and (b) Provide evidence of meeting the quality metrics [Selection (one or more): organization-defined frequency; organization-defined program review milestones; upon delivery]. | 1.0 |
Defines privacy requirements that the means the sensitive information controller offers individuals for limiting the disclosure of their sensitive information is included in statements with respect to it. | 1.0 |
Defines conformance and assessment criteria for verifying that the CJIS Agency Coordinator maintains up-to-date records of Contractor's employees who access the system. | 1.0 |
Addresses the requirement for OCSP responders that generate signatures on OCSP responses to only provide pre-produced signed responses using SHA-1. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization enforces physical access authorizations to the information system in addition to the physical access controls for the facility. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system provides physical disconnect of collaborative computing devices in a manner that supports ease of use. | 1.0 |
Specifies privacy requirements for "End-User Activity Tracking" at Level-of-Assurance 2 (LOA2) and Level-of-Assurance 3 (LOA3) under the Federal Identity, Credential, and Access Management (FICAM) Trust Framework Provider Adoption Process (TFPAP). | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for security impact analysis as related to overall configuration management requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for system contingency plan full restoration as related to overall contingency planning requirements. | 1.0 |
Relying Parties should not assume subject identifiers transmitted by IdPs are globally unique as it could cause conflicts with values transmitted by other IdPs. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization ensures that the information system media downgrading process is commensurate with the security category and/or classification level of the information to be removed and the access authorizations of the potential recipients of the downgraded information. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's CSO has set standards for the selection, supervision, and separation of personnel who have access to CJI. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization protects the information system from information leakage due to electromagnetic signals emanations. | 1.0 |
Addresses the requirement for CA Hardware cryptographic modules to be removed when not in use. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization implements a process for receiving and responding to complaints, concerns, or questions from individuals about the organizational privacy practices. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for physical separation of publicly accessible information system components as related to overall system and communications protection requirements. | 1.0 |