Trustmark Definition | Version |
---|---|
Specifies requirements in accordance with the DHS CISA Secure-by-Design Pledge, published by the U.S. Dept. of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Requires an organization to publish monitoring guidance for products that lack a cybersecurity incident logging capability, across all of its product and service offerings. | 1.0 |
Specifies requirements in accordance with the DHS CISA Secure-by-Design Pledge, published by the U.S. Dept. of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Requires an organization to publish a vulnerability disclosure policy (VDP) that authorizes public testing of its products and services, and prohibits legal action against good-faith researchers who engage in such testing. | 1.0 |
Specifies requirements in accordance with the DHS CISA Secure-by-Design Pledge, published by the U.S. Dept. of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Requires an organization to provide random, instance-unique initial passwords for each product installation, across all of its product and service offerings. | 1.0 |
Specifies requirements in accordance with the DHS CISA Secure-by-Design Pledge, published by the U.S. Dept. of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Requires an organization to retain logs for a reasonable period (e.g., 6 months) at no extra cost for all of its cloud-based or Software-as-a-Service (SaaS) product and service offerings. | 1.0 |
The requirements for presence verification during remote supervised identity proofing. | 3.0 |
The requirements for tamperproof hardware and networks when performing remote supervised identity proofing. | 3.0 |
The requirements for training of proofing supervisors for remote identity proofing procedures. | 3.0 |
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice PW.4: Reuse of Existing, Well-Secured Software When Feasible Instead of Duplicating Functionality. Requires an organization to lower the costs of software development, expedite software development, and decrease the likelihood of introducing additional security vulnerabilities into the software by reusing software modules and services that have already had their security posture checked. This is particularly important for software that implements security functionality, such as cryptographic modules and protocols. | 1.1 |
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice PW.7: Review and/or Analysis of Human-Readable Code to Identify Vulnerabilities and Verify Compliance with Security Requirements. Requires an organization to help identify vulnerabilities so that they can be corrected before the software is released to prevent exploitation. Using automated methods lowers the effort and resources needed to detect vulnerabilities. Human-readable code includes source code, scripts, and any other form of code that an organization deems human-readable. | 1.1 |
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice PW.2: Review of Software Design to Verify Compliance with Security Requirements and Risk Information. Requires an organization to help ensure that the software will meet the security requirements and satisfactorily address the identified risk information. | 1.1 |
Specifies requirements in accordance with the DHS CISA Secure-by-Design Pledge, published by the U.S. Dept. of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Requires an organization to provide its product developers with secure-by-default libraries and functions that eliminate common classes of vulnerabilities. | 1.0 |
Specifies requirements in accordance with the DHS CISA Secure-by-Design Pledge, published by the U.S. Dept. of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Requires an organization to require users to create a strong password during initial product installation and configuration, across all of its product and service offerings. | 1.0 |
The requirements for biometric collection for supervised identity proofing. | 3.0 |
Specifies requirements in accordance with the DHS CISA Secure-by-Design Pledge, published by the U.S. Dept. of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Requires an organization to support single sign-on (SSO) configurations that are standards-based (e.g., using SAML or OpenID Connect) and that enable multi-factor authentication (MFA) through customers' identity providers, across all of its product and service offerings. | 1.0 |
TD Description Goes Here | 0.1-BETA |
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice PW.8: Testing of Executable Code to Identify Vulnerabilities and Verify Compliance with Security Requirements. Requires an organization to help identify vulnerabilities so that they can be corrected before the software is released in order to prevent exploitation. Using automated methods lowers the effort and resources needed to detect vulnerabilities and improves traceability and repeatability. Executable code includes binaries, directly executed bytecode and source code, and any other form of code that an organization deems executable. | 1.1 |
Specifies requirements in accordance with the DHS CISA Secure-by-Design Pledge, published by the U.S. Dept. of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Requires an organization to take steps to transition all of its existing product and service deployments away from default passwords through outreach campaigns or software updates. | 1.0 |
Specifies requirements in accordance with the DHS CISA Secure-by-Design Pledge, published by the U.S. Dept. of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Requires an organization to provide a clear vulnerability reporting channel for its products and services, and also allow public disclosure of discovered vulnerabilities as per coordinated disclosure standards. | 1.0 |
Specifies requirements in accordance with the DHS CISA Secure-by-Design Pledge, published by the U.S. Dept. of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Requires an organization to adopt web template frameworks with built-in cross-site scripting (XSS) protections, across all of its product and service offerings. | 1.0 |