
11.02 Control Catalog

We're on control catalog release 11.02 at the moment, and things have stabilised for this release. The whole control catalog is now in place, but we have ideas to enhance and refine the control format during 2012 to align to the latest release of 800-53. Of course we'd welcome any comments or ideas you may have.

Controls are based on NIST 800-53, and there is a mapping to ISO 17799 and COBIT 4.1, with ISO 27002 and PCI DSS available soon.

Using the filter gives you a quick way to hunt through the catalog, e.g. 'PS-' gives you all of the Personnel Security family.

List of articles in category 11.02 Control Catalog
Title Hits
13-05 All Controls Hits: 28609
13-05 Control mapping (NIST 800-53 vs ISO 17799 / PCI-DSS v2 / COBIT 4.1) Hits: 70795
13-05 Controls catalog SQL export Hits: 9948
AC-01 Access Control Policies and Procedures Hits: 45349
AC-02 Account Management Hits: 29240
AC-03 Access Enforcement Hits: 32628
AC-04 Information Flow Enforcement Hits: 33686
AC-05 Separation Of Duties Hits: 18553
AC-06 Least Privilege Hits: 18426
AC-07 Unsuccessful Login Attempts Hits: 17321
AC-08 System Use Notification Hits: 14954
AC-09 Previous Logon Notification Hits: 12916
AC-10 Concurrent Session Control Hits: 14394
AC-11 Session Lock Hits: 16747
AC-12 Session Termination Hits: 15475
AC-13 Supervision And Review -- Access Control Hits: 11343
AC-14 Permitted Actions Without Identification Or Authentication Hits: 10145
AC-15 Automated Marking Hits: 8643
AC-16 Automated Labeling Hits: 8081
AC-17 Remote Access Hits: 16855
AC-18 Wireless Access Restrictions Hits: 15586
AC-19 Access Control For Portable And Mobile Devices Hits: 15275
AC-20 Use Of External Information Systems Hits: 15131
AT-01 Security Awareness And Training Policy And Procedures Hits: 17343
AT-02 Security Awareness Hits: 15604
AT-03 Security Training Hits: 15018
AT-04 Security Training Records Hits: 10391
AT-05 Contacts With Security Groups And Associations Hits: 8548
AU-01 Audit And Accountability Policy And Procedures Hits: 18709
AU-02 Auditable Events Hits: 24666
AU-03 Content Of Audit Records Hits: 15134
AU-04 Audit Storage Capacity Hits: 12277
AU-05 Response To Audit Processing Failures Hits: 15296
AU-06 Audit Monitoring, Analysis, And Reporting Hits: 31327
AU-07 Audit Reduction And Report Generation Hits: 15333
AU-08 Time Stamps Hits: 11985
AU-09 Protection Of Audit Information Hits: 15312
AU-10 Non-Repudiation Hits: 16140
AU-11 Audit Record Retention Hits: 13793
CA-01 Certification, Accreditation, And Security Assessment Policies And Procedures Hits: 15337
CA-02 Security Assessments Hits: 19136
CA-03 Information System Connections Hits: 11250
CA-04 Security Certification Hits: 14021
CA-05 Plan Of Action And Milestones Hits: 10146
CA-06 Security Accreditation Hits: 11791
CA-07 Continuous Monitoring Hits: 17484
CM-01 Configuration Management Policy And Procedures Hits: 16603
CM-02 Baseline Configuration Hits: 19200
CM-03 Configuration Change Control Hits: 17427
CM-04 Monitoring Configuration Changes Hits: 11727
CM-05 Access Restrictions For Change Hits: 14796
CM-06 Configuration Settings Hits: 14290
CM-07 Least Functionality Hits: 21641
CM-08 Information System Component Inventory Hits: 15523
CP-01 Contingency Planning Policy And Procedures Hits: 11909
CP-02 Contingency Plan Hits: 12071
CP-03 Contingency Training Hits: 10006
CP-04 Contingency Plan Testing And Exercises Hits: 17457
CP-05 Contingency Plan Update Hits: 9153
CP-06 Alternate Storage Site Hits: 10432
CP-07 Alternate Processing Site Hits: 12703
CP-08 Telecommunications Services Hits: 7632
CP-09 Information System Backup Hits: 15305
CP-10 Information System Recovery And Reconstitution Hits: 14411
IA-01 Identification And Authentication Policy And Procedures Hits: 18109
IA-02 User Identification And Authentication Hits: 24770
IA-03 Device Identification And Authentication Hits: 21050
IA-04 Identifier Management Hits: 14807
IA-05 Authenticator Management Hits: 17763
IA-06 Authenticator Feedback Hits: 12287
IA-07 Cryptographic Module Authentication Hits: 18020
IR-01 Incident Response Policy And Procedures Hits: 13369
IR-02 Incident Response Training Hits: 11469
IR-03 Incident Response Testing And Exercises Hits: 13820
IR-04 Incident Handling Hits: 21164
IR-05 Incident Monitoring Hits: 11631
IR-06 Incident Reporting Hits: 11564
IR-07 Incident Response Assistance Hits: 11869
MA-01 System Maintenance Policy And Procedures Hits: 12017
MA-02 Controlled Maintenance Hits: 12739
MA-03 Maintenance Tools Hits: 11045
MA-04 Remote Maintenance Hits: 12687
MA-05 Maintenance Personnel Hits: 9050
MA-06 Timely Maintenance Hits: 10137
MP-01 Media Protection Policy And Procedures Hits: 11640
MP-02 Media Access Hits: 11548
MP-03 Media Labeling Hits: 8320
MP-04 Media Storage Hits: 8762
MP-05 Media Transport Hits: 8939
MP-06 Media Sanitization And Disposal Hits: 9829
PE-01 Physical And Environmental Protection Policy And Procedures Hits: 11211
PE-02 Physical Access Authorizations Hits: 9811
PE-03 Physical Access Control Hits: 12646
PE-04 Access Control For Transmission Medium Hits: 9541
PE-05 Access Control For Display Medium Hits: 8727
PE-06 Monitoring Physical Access Hits: 11328
PE-07 Visitor Control Hits: 7719
PE-08 Access Records Hits: 6707
PE-09 Power Equipment And Power Cabling Hits: 9168
PE-10 Emergency Shutoff Hits: 8652
PE-11 Emergency Power Hits: 8295
PE-12 Emergency Lighting Hits: 8427
PE-13 Fire Protection Hits: 8785
PE-14 Temperature And Humidity Controls Hits: 8324
PE-15 Water Damage Protection Hits: 8422
PE-16 Delivery And Removal Hits: 8737
PE-17 Alternate Work Site Hits: 6895
PE-18 Location Of Information System Components Hits: 6896
PE-19 Information Leakage Hits: 8486
PL-01 Security Planning Policy And Procedures Hits: 15423
PL-02 System Security Plan Hits: 10557
PL-03 System Security Plan Update Hits: 6191
PL-04 Rules Of Behavior Hits: 11886
PL-05 Privacy Impact Assessment Hits: 8291
PL-06 Security-Related Activity Planning Hits: 6486
PS-01 Personnel Security Policy And Procedures Hits: 12679
PS-02 Position Categorization Hits: 7218
PS-03 Personnel Screening Hits: 7888
PS-04 Personnel Termination Hits: 6583
PS-05 Personnel Transfer Hits: 6207
PS-06 Access Agreements Hits: 11197
PS-07 Third-Party Personnel Security Hits: 10950
PS-08 Personnel Sanctions Hits: 7970
RA-01 Risk Assessment Policy And Procedures Hits: 11626
RA-02 Security Categorization Hits: 14080
RA-03 Risk Assessment Hits: 15996
RA-04 Risk Assessment Update Hits: 10735
RA-05 Vulnerability Scanning Hits: 18550
SA-01 System And Services Acquisition Policy And Procedures Hits: 16002
SA-02 Allocation Of Resources Hits: 11970
SA-03 Life Cycle Support Hits: 14081
SA-04 Acquisitions Hits: 13180
SA-05 Information System Documentation Hits: 21984
SA-06 Software Usage Restrictions Hits: 10626
SA-07 User Installed Software Hits: 10352
SA-08 Security Engineering Principles Hits: 17598
SA-09 External Information System Services Hits: 12944
SA-10 Developer Configuration Management Hits: 11562
SA-11 Developer Security Testing Hits: 10151
SC-01 System And Communications Protection Policy And Procedures Hits: 14049
SC-02 Application Partitioning Hits: 13090
SC-03 Security Function Isolation Hits: 15765
SC-04 Information Remnance Hits: 16881
SC-05 Denial Of Service Protection Hits: 15596
SC-06 Resource Priority Hits: 10690
SC-07 Boundary Protection Hits: 26629
SC-08 Transmission Integrity Hits: 18122
SC-09 Transmission Confidentiality Hits: 16975
SC-10 Network Disconnect Hits: 11257
SC-11 Trusted Path Hits: 13719
SC-12 Cryptographic Key Establishment And Management Hits: 14846
SC-13 Use Of Cryptography Hits: 15965
SC-14 Public Access Protections Hits: 9474
SC-15 Collaborative Computing Hits: 12091
SC-16 Transmission Of Security Parameters Hits: 7206
SC-17 Public Key Infrastructure Certificates Hits: 8098
SC-18 Mobile Code Hits: 16599
SC-19 Voice Over Internet Protocol Hits: 6832
SC-20 Secure Name / Address Resolution Service (Authoritative Source) Hits: 16161
SC-21 Secure Name / Address Resolution Service (Recursive Or Caching Resolver) Hits: 9202
SC-22 Architecture And Provisioning For Name / Address Resolution Service Hits: 8840
SC-23 Session Authenticity Hits: 17251
SI-01 System And Information Integrity Policy And Procedures Hits: 12709
SI-02 Flaw Remediation Hits: 23050
SI-03 Malicious Code Protection Hits: 21189
SI-04 Information System Monitoring Tools And Techniques Hits: 23246
SI-05 Security Alerts And Advisories Hits: 12462
SI-06 Security Functionality Verification Hits: 17713
SI-07 Software And Information Integrity Hits: 16737
SI-08 Spam Protection Hits: 8066
SI-09 Information Input Restrictions Hits: 8351
SI-10 Information Accuracy, Completeness, Validity, And Authenticity Hits: 17041
SI-11 Error Handling Hits: 12540
SI-12 Information Output Handling And Retention Hits: 9909