Trustmark Definitions (251-275 of 3301)

Trustmark Definition Name Version
Authenticated and Protected Channels will be used for all communication between the IdP, Subscriber, and RP.
1.0
Addresses the requirement for an organization's methods for publicizing revoked PKI certificates to provide authentication services commensurate with the assurance level of the certificates being verified.
1.0
Some authenticator types are not susceptible to online guessing attacks and thus may not require mitigation against these attacks.
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for documented security planning procedures as related to overall security planning requirements.
1.0
Addresses requirements for an organization's PKI certificate policy to certificate application procedures.
1.0
Defines conformance and assessment criteria for verifying that an organization requires inoperable electronic media to be destroyed.
1.0
Defines conformance and assessment criteria for verifying that an organization conducts capacity planning so that necessary capacity for information processing, telecommunications, and environmental support exists during contingency operations.
1.0
Authentication with authenticators that do not use biometrics.
1.0
Defines conformance and assessment criteria for verifying that an organization develops and documents a configuration management plan for the information system that addresses roles, responsibilities, and configuration management processes and procedures.
1.0
Specifies requirements as defined by the National Identity Exchange Federation (NIEF) to verify that a Service Provider Organization (SPO) follows appropriate policy-level rules related to the requesting of attributes from Identity Provider Organizations (IDPOs) and Attribute Provider Organizations (APOs).
1.0
Defines conformance and assessment criteria for verifying that an information system limits the number of concurrent sessions for its users.
1.0
Defines conformance and assessment criteria for verifying that an organization implements a process for ensuring that plans of action and milestones for the security program and associated organizational information systems document the remedial information security actions to adequately respond to risk to the Nation.
1.0
Credential Service Providers using hardware-based authenticators should document their resistance to side-channel attacks within their risk assessment.
1.0
Defines conformance and assessment criteria for verifying that an information system at organization-defined information system components loads and executes the operating environment from hardware-enforced, read-only media.
1.0
Defines conformance and assessment criteria for verifying that the signed user agreement between the organization and the FBI CJIS Division includes the standards and sanctions governing utilization of CJIS systems.
1.0
Addresses the requirement for activation data used to unlock Organization CA private keys to have an appropriate level of strength for the keys or data to be protected.
1.0
Defines conformance and assessment criteria for verifying that an organization develops operational privacy procedures that govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII.
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for dissemination of information system risk assessment results as related to overall risk assessment requirements.
1.0
Addresses the requirement for a trusted agent of the issuer to perform biometric 1:1 matching for resetting PKI private key activation data.
1.0
Defines privacy requirements for organizations to apply security measures to all potential storage of sensitive information.
1.0
Defines conformance and assessment criteria for verifying that an organization disables ports within the information system deemed to be unnecessary and/or nonsecure.
1.0
Defines conformance and assessment criteria for verifying that an information system notifies the user, upon successful logon (access) to the system, of the date and time of the last logon (access).
1.0
Specifies requirements for an organization that seeks to become recognized as a member of the National Identity Exchange Federation (NIEF).
1.0
Defines conformance and assessment criteria for verifying that an organization documents each exception to the traffic flow policy with a supporting mission/business need and duration of that need.
1.0
Defines conformance and assessment criteria for compliance with minimum security requirements for monitoring of individuals' basic security awareness training as related to overall awareness and training requirements.
1.0