
11.02 Control Catalog

We're on control catalog release 11.02 at the moment, and things have stabilised for this release. The whole control catalog is now in place, but we have ideas to enhance and refine the control format during 2012 to align to the latest release of 800-53. Of course we'd welcome any comments or ideas you may have.

Controls are based on NIST 800-53, and there is a mapping to ISO 17799 and COBIT 4.1, with ISO 27002 and PCI DSS available soon.

Using the filter gives you a quick way to hunt through the catalog, e.g. 'PS-' gives you all the controls in the Personnel Security family.

List of articles in category 11.02 Control Catalog
Title Hits
13-05 All Controls Hits: 29623
13-05 Control mapping (NIST 800-53 vs ISO 17799 / PCI-DSS v2 / COBIT 4.1) Hits: 72682
13-05 Controls catalog SQL export Hits: 10350
AC-01 Access Control Policies and Procedures Hits: 46925
AC-02 Account Management Hits: 30620
AC-03 Access Enforcement Hits: 34146
AC-04 Information Flow Enforcement Hits: 35423
AC-05 Separation Of Duties Hits: 19199
AC-06 Least Privilege Hits: 19310
AC-07 Unsuccessful Login Attempts Hits: 18116
AC-08 System Use Notification Hits: 15748
AC-09 Previous Logon Notification Hits: 13412
AC-10 Concurrent Session Control Hits: 14901
AC-11 Session Lock Hits: 17519
AC-12 Session Termination Hits: 16235
AC-13 Supervision And Review -- Access Control Hits: 11773
AC-14 Permitted Actions Without Identification Or Authentication Hits: 10601
AC-15 Automated Marking Hits: 9005
AC-16 Automated Labeling Hits: 8500
AC-17 Remote Access Hits: 17623
AC-18 Wireless Access Restrictions Hits: 16350
AC-19 Access Control For Portable And Mobile Devices Hits: 16074
AC-20 Use Of External Information Systems Hits: 15909
AT-01 Security Awareness And Training Policy And Procedures Hits: 18030
AT-02 Security Awareness Hits: 16233
AT-03 Security Training Hits: 15667
AT-04 Security Training Records Hits: 10926
AT-05 Contacts With Security Groups And Associations Hits: 8906
AU-01 Audit And Accountability Policy And Procedures Hits: 19454
AU-02 Auditable Events Hits: 25876
AU-03 Content Of Audit Records Hits: 16094
AU-04 Audit Storage Capacity Hits: 12833
AU-05 Response To Audit Processing Failures Hits: 15848
AU-06 Audit Monitoring, Analysis, And Reporting Hits: 32824
AU-07 Audit Reduction And Report Generation Hits: 15785
AU-08 Time Stamps Hits: 12476
AU-09 Protection Of Audit Information Hits: 15933
AU-10 Non-Repudiation Hits: 16906
AU-11 Audit Record Retention Hits: 14361
CA-01 Certification, Accreditation, And Security Assessment Policies And Procedures Hits: 16013
CA-02 Security Assessments Hits: 20021
CA-03 Information System Connections Hits: 11789
CA-04 Security Certification Hits: 14559
CA-05 Plan Of Action And Milestones Hits: 10538
CA-06 Security Accreditation Hits: 12211
CA-07 Continuous Monitoring Hits: 18279
CM-01 Configuration Management Policy And Procedures Hits: 17214
CM-02 Baseline Configuration Hits: 20082
CM-03 Configuration Change Control Hits: 18179
CM-04 Monitoring Configuration Changes Hits: 12155
CM-05 Access Restrictions For Change Hits: 15378
CM-06 Configuration Settings Hits: 15067
CM-07 Least Functionality Hits: 22587
CM-08 Information System Component Inventory Hits: 16354
CP-01 Contingency Planning Policy And Procedures Hits: 12282
CP-02 Contingency Plan Hits: 12480
CP-03 Contingency Training Hits: 10394
CP-04 Contingency Plan Testing And Exercises Hits: 18045
CP-05 Contingency Plan Update Hits: 9474
CP-06 Alternate Storage Site Hits: 10777
CP-07 Alternate Processing Site Hits: 13247
CP-08 Telecommunications Services Hits: 7894
CP-09 Information System Backup Hits: 15819
CP-10 Information System Recovery And Reconstitution Hits: 14947
IA-01 Identification And Authentication Policy And Procedures Hits: 18777
IA-02 User Identification And Authentication Hits: 25882
IA-03 Device Identification And Authentication Hits: 21877
IA-04 Identifier Management Hits: 15448
IA-05 Authenticator Management Hits: 18359
IA-06 Authenticator Feedback Hits: 12923
IA-07 Cryptographic Module Authentication Hits: 18646
IR-01 Incident Response Policy And Procedures Hits: 13808
IR-02 Incident Response Training Hits: 11875
IR-03 Incident Response Testing And Exercises Hits: 14219
IR-04 Incident Handling Hits: 22047
IR-05 Incident Monitoring Hits: 12227
IR-06 Incident Reporting Hits: 12053
IR-07 Incident Response Assistance Hits: 12336
MA-01 System Maintenance Policy And Procedures Hits: 12383
MA-02 Controlled Maintenance Hits: 13371
MA-03 Maintenance Tools Hits: 11402
MA-04 Remote Maintenance Hits: 13220
MA-05 Maintenance Personnel Hits: 9348
MA-06 Timely Maintenance Hits: 10459
MP-01 Media Protection Policy And Procedures Hits: 11973
MP-02 Media Access Hits: 12001
MP-03 Media Labeling Hits: 8654
MP-04 Media Storage Hits: 9068
MP-05 Media Transport Hits: 9284
MP-06 Media Sanitization And Disposal Hits: 10101
PE-01 Physical And Environmental Protection Policy And Procedures Hits: 11552
PE-02 Physical Access Authorizations Hits: 10118
PE-03 Physical Access Control Hits: 13080
PE-04 Access Control For Transmission Medium Hits: 9933
PE-05 Access Control For Display Medium Hits: 8975
PE-06 Monitoring Physical Access Hits: 11715
PE-07 Visitor Control Hits: 8029
PE-08 Access Records Hits: 6969
PE-09 Power Equipment And Power Cabling Hits: 9507
PE-10 Emergency Shutoff Hits: 8922
PE-11 Emergency Power Hits: 8537
PE-12 Emergency Lighting Hits: 8698
PE-13 Fire Protection Hits: 9083
PE-14 Temperature And Humidity Controls Hits: 8614
PE-15 Water Damage Protection Hits: 8703
PE-16 Delivery And Removal Hits: 9047
PE-17 Alternate Work Site Hits: 7170
PE-18 Location Of Information System Components Hits: 7169
PE-19 Information Leakage Hits: 8846
PL-01 Security Planning Policy And Procedures Hits: 15937
PL-02 System Security Plan Hits: 11020
PL-03 System Security Plan Update Hits: 6399
PL-04 Rules Of Behavior Hits: 12377
PL-05 Privacy Impact Assessment Hits: 8596
PL-06 Security-Related Activity Planning Hits: 6696
PS-01 Personnel Security Policy And Procedures Hits: 13154
PS-02 Position Categorization Hits: 7528
PS-03 Personnel Screening Hits: 8160
PS-04 Personnel Termination Hits: 6860
PS-05 Personnel Transfer Hits: 6413
PS-06 Access Agreements Hits: 11784
PS-07 Third-Party Personnel Security Hits: 11428
PS-08 Personnel Sanctions Hits: 8268
RA-01 Risk Assessment Policy And Procedures Hits: 11947
RA-02 Security Categorization Hits: 14589
RA-03 Risk Assessment Hits: 16644
RA-04 Risk Assessment Update Hits: 11174
RA-05 Vulnerability Scanning Hits: 19398
SA-01 System And Services Acquisition Policy And Procedures Hits: 16662
SA-02 Allocation Of Resources Hits: 12362
SA-03 Life Cycle Support Hits: 14642
SA-04 Acquisitions Hits: 13794
SA-05 Information System Documentation Hits: 22891
SA-06 Software Usage Restrictions Hits: 11015
SA-07 User Installed Software Hits: 10714
SA-08 Security Engineering Principles Hits: 18111
SA-09 External Information System Services Hits: 13450
SA-10 Developer Configuration Management Hits: 12001
SA-11 Developer Security Testing Hits: 10506
SC-01 System And Communications Protection Policy And Procedures Hits: 14433
SC-02 Application Partitioning Hits: 13594
SC-03 Security Function Isolation Hits: 16391
SC-04 Information Remnance Hits: 17391
SC-05 Denial Of Service Protection Hits: 16162
SC-06 Resource Priority Hits: 11062
SC-07 Boundary Protection Hits: 27933
SC-08 Transmission Integrity Hits: 19057
SC-09 Transmission Confidentiality Hits: 17516
SC-10 Network Disconnect Hits: 11718
SC-11 Trusted Path Hits: 14266
SC-12 Cryptographic Key Establishment And Management Hits: 15359
SC-13 Use Of Cryptography Hits: 16633
SC-14 Public Access Protections Hits: 9759
SC-15 Collaborative Computing Hits: 12518
SC-16 Transmission Of Security Parameters Hits: 7450
SC-17 Public Key Infrastructure Certificates Hits: 8507
SC-18 Mobile Code Hits: 17382
SC-19 Voice Over Internet Protocol Hits: 7106
SC-20 Secure Name / Address Resolution Service (Authoritative Source) Hits: 17008
SC-21 Secure Name / Address Resolution Service (Recursive Or Caching Resolver) Hits: 9827
SC-22 Architecture And Provisioning For Name / Address Resolution Service Hits: 9401
SC-23 Session Authenticity Hits: 17956
SI-01 System And Information Integrity Policy And Procedures Hits: 13104
SI-02 Flaw Remediation Hits: 24322
SI-03 Malicious Code Protection Hits: 21946
SI-04 Information System Monitoring Tools And Techniques Hits: 24417
SI-05 Security Alerts And Advisories Hits: 13022
SI-06 Security Functionality Verification Hits: 18286
SI-07 Software And Information Integrity Hits: 17250
SI-08 Spam Protection Hits: 8471
SI-09 Information Input Restrictions Hits: 8607
SI-10 Information Accuracy, Completeness, Validity, And Authenticity Hits: 17528
SI-11 Error Handling Hits: 13113
SI-12 Information Output Handling And Retention Hits: 10394