Policy and Technical Sources

Using the trustmark framework, we have completed and/or plan to complete the publication of artifacts (trustmark definitions and trust interoperability profiles) based on the componentization and harmonization of the following policy and technical source documents. To date, we have published 2,000+ such artifacts, with more to come soon. The actual published artifacts are available here.

Please note the following legend for the “Support Level” column:

  • FULL indicates that all source requirements are represented in the framework.
  • PARTIAL indicates that some source requirements are represented, and additional requirements may be forthcoming.
  • PLANNED indicates that the source is planned for analysis and representation in the framework.
Abbrev and LinkSource NameCategoriesSupport Level
ACM PrivacyAssociation for Computing Machinery (ACM) Privacy RecommendationsPrivacyFULL
APEC PrivacyAsia-Pacific Economic Cooperation (APEC) Privacy Framework, Part iii. APEC Information Privacy PrinciplesPrivacyFULL
BAESecurity Assertion Markup Language (SAML) 2.0 Identifier and Protocol Profiles for Back-end Attribute Exchange Version 2.0InteroperabilityPARTIAL
DOC Safe Harbor Privacy PrinciplesU.S. Department of Commerce (DOC) Safe Harbor Privacy PrinciplesPrivacyFULL
FBCA CPX.509 Certificate Policy For The Federal Bridge Certification Authority (FBCA), Version 2.27SecurityFULL
FBI CJIS SPFederal Bureau of Investigation (FBI) Criminal Justice Information Services (CJIS) Security Policy, Version 5.3, August 2014SecurityFULL
FICAM SAML 2Federal Identity, Credential, and Access Management (FICAM) Profile of the Security Assertion Markup Language (SAML) 2.0 Web Single Sign-On (SSO) ProfileInteroperabilityFULL
FICAM TFSFederal Identity, Credential, and Access Management (FICAM) Trust Framework Solutions (TFS) Trust Framework Provider Adoption Process for All Levels of Assurance, v2.0.2, March, 14, 2014ID Assurance, PrivacyFULL
Global Fusion Center Privacy PolicyGlobal Fusion Center Privacy Policy Development: Privacy, Civil Rights, and Civil Liberties Policy TemplatePrivacyFULL
HIPAA Privacy RuleHealth Insurance Portability And Accountability Act (HIPAA) of 1996, HIPAA Privacy Rule of 2002, 45 CFR Part 160 and Part 164, Subparts A and EPrivacyFULL
HIPAA Security RuleHealth Insurance Portability And Accountability Act (HIPAA) of 1996, HIPAA Security Rule of 2003, 45 CFR Part 160 and Part 164, Subparts A and CSecurityFULL
HHS Privacy and SecurityU.S. Department of Health and Human Services (HHS) Nationwide Privacy and Security Framework For Electronic Exchange of Individually Identifiable Health Information, December 15, 2008Privacy, SecurityFULL
NIEF AERNational Identity Exchange Federation (NIEF) Attribute Encoding Rules 1.0InteroperabilityFULL
NIEF APNational Identity Exchange Federation (NIEF) Attribute Profile 1.0InteroperabilityFULL
NIEF CPNational Identity Exchange Federation (NIEF) Certificate Policy Version 1.0SecurityFULL
NIEF PPNational Identity Exchange Federation (NIEF) Privacy Policy 1.0PrivacyFULL
NIEF U2SNational Identity Exchange Federation (NIEF) Web Browser User-to-System Profile 1.0InteroperabilityFULL
NIST SP 800-53NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, National Institute of Standards and Technology, April 2013 (Includes updates as of 01-15-2014)Security, PrivacyFULL
NIST SP 800-63-2NIST Special Publication 800-63-2: Electronic Authentication Guideline, August, 2013ID AssuranceFULL
NIST SP 800-63 r3NIST Special Publication 800-63, Revision 3: Digital Identity Guidelines, June 2017ID AssuranceFULL
OECD PrivacyOrganization of Economic Cooperation and Development (OECD) Privacy PrinciplesPrivacyFULL