The Trellix Information Security Management System (Trellix ISMS) is at the core of the global information security program. It is designed to ensure that a risk-based approach is taken for the selection, implementation, and monitoring of appropriate security controls throughout the organization.
The baseline security controls that comprise the Trellix ISMS are based on National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 revision 5 and are further grouped into management, operational, and technical categories. Industry standards, best practices, and additional security control frameworks may be used for specific zones and products beyond the Trellix baseline, such as FedRAMP, SSAE18, TISAX, IRAP, and others.
A set of internal policies and procedures governs the implementation, monitoring, and effectiveness of the security controls. Governance of the Trellix ISMS is maintained through management system reviews and operational reviews focused on monitoring of security operational controls. The Trellix ISMS aligns with and is certified to the ISO/IEC 27001:2013 specification.