
CompTIA Security Trustmark

What is the CompTIA Security Trustmark Program?

The CompTIA Security Trustmark is a vendor-neutral, business-level accreditation of an organization's security capabilities and processes. These key areas have been agreed upon by key vendor partners, resellers, and end users in the IT industry to promote generally accepted security practices.

The main objective of the CompTIA Security Trustmark accreditation is to create and continually update the baseline standards of security practices around service and support competencies for Solution Providers.

How was the CompTIA Security Trustmark Program Developed?

The CompTIA Security Trustmark was developed by teams of experienced security industry experts during several workshops. Results from these workshops were then statistically validated by a survey of senior security professionals. The Trustmark has been tested by conducting detailed assessments on a number of Solution Provider firms to refine the questionnaire and testing process. The current elements of the CompTIA Security Trustmark represent the best thinking of industry experts. They will be continually modified and updated as technology and industry conditions evolve.

Who is the Target Audience for the CompTIA Security Trustmark?

The CompTIA Security Trustmark was developed for:

  • IT Vendors who need security-qualified solution providers whom the end user trusts, to ensure their products are installed and maintained with high customer satisfaction.
  • Solution Providers, especially small and medium-sized firms, who need to show both vendors and end users that they have these core competencies and maintain security best practices, especially to compete with larger firms.
  • End-Users who need to be assured that their product vendor uses Solution Providers who follow industry-accepted security best practices, giving them peace of mind with their implemented solutions.

What are the Security Trustmark Program Parameters?

The CompTIA Security Trustmark is an accreditation that can be achieved by small businesses, while holding Solution Providers to the security practices that larger businesses often have the capability to perform. The following are the 12 areas within an organization with requirements for the CompTIA Security Trustmark:

  • Business Continuity Planning
  • Access Management
  • Incident Management
  • Personnel Security
  • Security Awareness and Training
  • Data Protection
  • Technical Infrastructure
  • Partner Management
  • Physical/Environmental Security
  • Compliance
  • Service Delivery

The CompTIA Security Trustmark will cover common security practices and IT technologies. Listed below are a few examples of technical areas that are part of the 100+ controls required to be in place to achieve the Security Trustmark accreditation:

  • Security Process, Protocol and Standards
  • Technical employee knowledge/expertise
  • Change Management
  • Virus/malware/spyware
  • Intrusion detection
  • Vulnerability assessment detection
  • Data encryption
  • Security clearances – background checks
  • Physical and hardware security
  • Security requirements (permissions, passwords, etc.)

What are the next steps for the Security Trustmark Program?

CompTIA is in the final verification steps of the program process. The channel-wide launch of the CompTIA Security Trustmark is slated for late 2008.

How can I find out more about the Security Trustmark?

For more information on CompTIA’s Security Trustmark initiative, contact us at trustmark@comptia.org or at 630.678.8300.