

Cyber Trust Mark Core Requirements
> Identify
Understand & manage cybersecurity risks to systems, assets, data, & capabilities.
Categories include:
- Asset management
- Business environment
- Governance
- Risk assessment
- Risk management strategy
- Supply chain risk management
> Protect
Develop & implement safeguards to ensure critical services & data are delivered securely.
Categories include:
- Identity management & access control
- Awareness & training
- Data security
- Information protection process & procedures
- Maintenance
- Protective technology
> Respond
Take action when a cybersecurity event is detected to minimize its impact.
Categories include:
- Response planning
- Communications
- Analysis
- Mitigation
- Improvements
> Detect
Identify cybersecurity incidents promptly.
Categories include:
- Anomalies & events
- Security continuous monitoring
- Detection processes
> Recover
Recover services & operations after a cybersecurity incident.
Categories include:
- Recovery planning
- Improvements
- Communications