Trustmark Definition Name | Version |
---|---|
Addresses the requirement that roles for which role-based PKI certificates may be issued are limited to those that uniquely identify a specific individual within an organization. | 1.0 |
Specifies that a health care related organization must implement procedures to document repairs and modifications to the physical components of a facility which are related to security. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for control of publicly accessible areas as related to overall physical and environmental protection requirements. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization allocates sufficient budget and staffing resources to implement and operate the organization-wide privacy program. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization measures the bandwidth of an organization-defined subset of identified covert channels in the operational environment of the information system. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization prohibits the direct connection of an organization-defined information system to a public network. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization's agreements for the sharing of sensitive information address NCIC validation requirements. | 1.0 |
Specifies requirements for contents of the business associate contract between a covered entity and its business associate(s). The business associate must make its internal documents available to the Secretary to determine the covered entity's compliance. | 1.0 |
Relying Parties must require assertions to be encrypted or delivered via protected and authenticated channels. | 1.0 |
Defines conformance and assessment criteria for verifying that the State appointed a Compact Officer pursuant to the National Crime Prevention and Privacy Compact. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization requires that mobile devices functioning as a wireless access point are configured in accordance with all requirements applicable to the organization's other wireless access points. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for review and update of system maintenance policy as related to overall maintenance requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for account managers as related to overall access control requirements. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for authenticator distribution procedures as related to overall identification and authentication requirements. | 1.0 |
This Trustmark Definition defines conformance and assessment criteria for storing cryptographic module activation data separate from removable hardware associated with remote workstations used to administer the CA. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system maintains reviewer/releaser identity and credentials within the established chain of custody for all information reviewed or released. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization defines mission/business processes with consideration for information security and the resulting risk to organizational assets. | 1.0 |
Defines privacy requirements related to individuals obtaining sensitive information that is held about them. | 1.0 |
Defines conformance and assessment criteria for verifying that an information system implements multifactor authentication for network access to non-privileged accounts. | 1.0 |
Defines privacy requirements for organizations to document the procedures and practices it follows to enable evaluation of user compliance with its system requirements. | 1.0 |
Defines privacy requirements for organizations to identify who is responsible for ensuring that enforcement procedures of the privacy policy are adequate and enforced. | 1.0 |
Specifies requirements for acceptable key generation parameters for use with PKI. | 1.0 |
Defines privacy requirements for organizations to document the conditions under which it will NOT disclose information to an individual about whom information has been gathered. | 1.0 |
Defines conformance and assessment criteria for verifying that an organization physically controls and securely stores organization-defined types of digital and/or non-digital media within organization-defined controlled areas. | 1.0 |
Defines conformance and assessment criteria for compliance with minimum security requirements for information system risk assessment updates as related to overall risk assessment requirements. | 1.0 |