Using the trustmark framework, we have completed and/or plan to complete the publication of artifacts (trustmark definitions and trust interoperability profiles) based on the componentization and harmonization of the following policy and technical source documents. To date, we have published 2,000+ such artifacts, with more to come soon. The actual published artifacts are available here.
Please note the following legend for the “Support Level” column:
- FULL indicates that all source requirements are represented in the framework.
- PARTIAL indicates that some source requirements are represented, and additional requirements may be forthcoming.
- PLANNED indicates that the source is planned for analysis and representation in the framework.
Abbrev and Link | Source Name | Categories | Support Level |
---|---|---|---|
ACM Privacy | Association for Computing Machinery (ACM) Privacy Recommendations | Privacy | FULL |
APEC Privacy | Asia-Pacific Economic Cooperation (APEC) Privacy Framework, Part iii. APEC Information Privacy Principles | Privacy | FULL |
BAE | Security Assertion Markup Language (SAML) 2.0 Identifier and Protocol Profiles for Back-end Attribute Exchange Version 2.0 | Interoperability | PARTIAL |
DOC Safe Harbor Privacy Principles | U.S. Department of Commerce (DOC) Safe Harbor Privacy Principles | Privacy | FULL |
FBCA CP | X.509 Certificate Policy For The Federal Bridge Certification Authority (FBCA), Version 2.27 | Security | FULL |
FBI CJIS SP | Federal Bureau of Investigation (FBI) Criminal Justice Information Services (CJIS) Security Policy, Version 5.3, August 2014 | Security | FULL |
FICAM SAML 2 | Federal Identity, Credential, and Access Management (FICAM) Profile of the Security Assertion Markup Language (SAML) 2.0 Web Single Sign-On (SSO) Profile | Interoperability | FULL |
FICAM TFS | Federal Identity, Credential, and Access Management (FICAM) Trust Framework Solutions (TFS) Trust Framework Provider Adoption Process for All Levels of Assurance, v2.0.2, March, 14, 2014 | ID Assurance, Privacy | FULL |
Global Fusion Center Privacy Policy | Global Fusion Center Privacy Policy Development: Privacy, Civil Rights, and Civil Liberties Policy Template | Privacy | FULL |
HIPAA Privacy Rule | Health Insurance Portability And Accountability Act (HIPAA) of 1996, HIPAA Privacy Rule of 2002, 45 CFR Part 160 and Part 164, Subparts A and E | Privacy | FULL |
HIPAA Security Rule | Health Insurance Portability And Accountability Act (HIPAA) of 1996, HIPAA Security Rule of 2003, 45 CFR Part 160 and Part 164, Subparts A and C | Security | FULL |
HHS Privacy and Security | U.S. Department of Health and Human Services (HHS) Nationwide Privacy and Security Framework For Electronic Exchange of Individually Identifiable Health Information, December 15, 2008 | Privacy, Security | FULL |
NIEF AER | National Identity Exchange Federation (NIEF) Attribute Encoding Rules 1.0 | Interoperability | FULL |
NIEF AP | National Identity Exchange Federation (NIEF) Attribute Profile 1.0 | Interoperability | FULL |
NIEF CP | National Identity Exchange Federation (NIEF) Certificate Policy Version 1.0 | Security | FULL |
NIEF PP | National Identity Exchange Federation (NIEF) Privacy Policy 1.0 | Privacy | FULL |
NIEF U2S | National Identity Exchange Federation (NIEF) Web Browser User-to-System Profile 1.0 | Interoperability | FULL |
NIST SP 800-53 | NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, National Institute of Standards and Technology, April 2013 (Includes updates as of 01-15-2014) | Security, Privacy | FULL |
NIST SP 800-63-2 | NIST Special Publication 800-63-2: Electronic Authentication Guideline, August, 2013 | ID Assurance | FULL |
NIST SP 800-63 r3 | NIST Special Publication 800-63, Revision 3: Digital Identity Guidelines, June 2017 | ID Assurance | FULL |
OECD Privacy | Organization of Economic Cooperation and Development (OECD) Privacy Principles | Privacy | FULL |