
11.02 Control Catalog

We're on control catalog release 11.02 at the moment, and things have stabilised for this release. The whole control catalog is now in place, but we have ideas to enhance and refine the control format during 2012 to align to the latest release of 800-53. Of course we'd welcome any comments or ideas you may have.

Controls are based on NIST 800-53, and there is a mapping to ISO 17799 and COBIT 4.1, with ISO 27002 and PCI DSS available soon.

Using the filter gives you a quick way to hunt through the catalog, e.g. 'PS-' gives you all of the Personnel Security family.

List of articles in category 11.02 Control Catalog
Title Hits
13-05 All Controls Hits: 32317
13-05 Control mapping (NIST 800-53 vs ISO 17799 / PCI-DSS v2 / COBIT 4.1) Hits: 77079
13-05 Controls catalog SQL export Hits: 11666
AC-01 Access Control Policies and Procedures Hits: 51025
AC-02 Account Management Hits: 35414
AC-03 Access Enforcement Hits: 38554
AC-04 Information Flow Enforcement Hits: 40891
AC-05 Separation Of Duties Hits: 21819
AC-06 Least Privilege Hits: 21734
AC-07 Unsuccessful Login Attempts Hits: 20198
AC-08 System Use Notification Hits: 18656
AC-09 Previous Logon Notification Hits: 14815
AC-10 Concurrent Session Control Hits: 16476
AC-11 Session Lock Hits: 19194
AC-12 Session Termination Hits: 18403
AC-13 Supervision And Review -- Access Control Hits: 13531
AC-14 Permitted Actions Without Identification Or Authentication Hits: 11647
AC-15 Automated Marking Hits: 10511
AC-16 Automated Labeling Hits: 9695
AC-17 Remote Access Hits: 19910
AC-18 Wireless Access Restrictions Hits: 18340
AC-19 Access Control For Portable And Mobile Devices Hits: 18145
AC-20 Use Of External Information Systems Hits: 17576
AT-01 Security Awareness And Training Policy And Procedures Hits: 20224
AT-02 Security Awareness Hits: 18250
AT-03 Security Training Hits: 17738
AT-04 Security Training Records Hits: 12311
AT-05 Contacts With Security Groups And Associations Hits: 9973
AU-01 Audit And Accountability Policy And Procedures Hits: 21018
AU-02 Auditable Events Hits: 28968
AU-03 Content Of Audit Records Hits: 18110
AU-04 Audit Storage Capacity Hits: 14429
AU-05 Response To Audit Processing Failures Hits: 17787
AU-06 Audit Monitoring, Analysis, And Reporting Hits: 38501
AU-07 Audit Reduction And Report Generation Hits: 17299
AU-08 Time Stamps Hits: 14326
AU-09 Protection Of Audit Information Hits: 18667
AU-10 Non-Repudiation Hits: 18432
AU-11 Audit Record Retention Hits: 16114
CA-01 Certification, Accreditation, And Security Assessment Policies And Procedures Hits: 18550
CA-02 Security Assessments Hits: 22264
CA-03 Information System Connections Hits: 13086
CA-04 Security Certification Hits: 16669
CA-05 Plan Of Action And Milestones Hits: 12431
CA-06 Security Accreditation Hits: 13958
CA-07 Continuous Monitoring Hits: 20669
CM-01 Configuration Management Policy And Procedures Hits: 19171
CM-02 Baseline Configuration Hits: 22281
CM-03 Configuration Change Control Hits: 21119
CM-04 Monitoring Configuration Changes Hits: 14395
CM-05 Access Restrictions For Change Hits: 17348
CM-06 Configuration Settings Hits: 20492
CM-07 Least Functionality Hits: 24695
CM-08 Information System Component Inventory Hits: 18534
CP-01 Contingency Planning Policy And Procedures Hits: 13622
CP-02 Contingency Plan Hits: 14270
CP-03 Contingency Training Hits: 11688
CP-04 Contingency Plan Testing And Exercises Hits: 19733
CP-05 Contingency Plan Update Hits: 10663
CP-06 Alternate Storage Site Hits: 12345
CP-07 Alternate Processing Site Hits: 14632
CP-08 Telecommunications Services Hits: 8924
CP-09 Information System Backup Hits: 17784
CP-10 Information System Recovery And Reconstitution Hits: 16675
IA-01 Identification And Authentication Policy And Procedures Hits: 21008
IA-02 User Identification And Authentication Hits: 29026
IA-03 Device Identification And Authentication Hits: 24913
IA-04 Identifier Management Hits: 18246
IA-05 Authenticator Management Hits: 20111
IA-06 Authenticator Feedback Hits: 14768
IA-07 Cryptographic Module Authentication Hits: 20834
IR-01 Incident Response Policy And Procedures Hits: 15334
IR-02 Incident Response Training Hits: 13597
IR-03 Incident Response Testing And Exercises Hits: 15703
IR-04 Incident Handling Hits: 25442
IR-05 Incident Monitoring Hits: 13741
IR-06 Incident Reporting Hits: 13564
IR-07 Incident Response Assistance Hits: 14137
MA-01 System Maintenance Policy And Procedures Hits: 13566
MA-02 Controlled Maintenance Hits: 14949
MA-03 Maintenance Tools Hits: 12722
MA-04 Remote Maintenance Hits: 14986
MA-05 Maintenance Personnel Hits: 10563
MA-06 Timely Maintenance Hits: 11597
MP-01 Media Protection Policy And Procedures Hits: 13258
MP-02 Media Access Hits: 13799
MP-03 Media Labeling Hits: 9815
MP-04 Media Storage Hits: 10331
MP-05 Media Transport Hits: 10443
MP-06 Media Sanitization And Disposal Hits: 11537
PE-01 Physical And Environmental Protection Policy And Procedures Hits: 12759
PE-02 Physical Access Authorizations Hits: 11348
PE-03 Physical Access Control Hits: 15159
PE-04 Access Control For Transmission Medium Hits: 11004
PE-05 Access Control For Display Medium Hits: 10133
PE-06 Monitoring Physical Access Hits: 13163
PE-07 Visitor Control Hits: 9025
PE-08 Access Records Hits: 7776
PE-09 Power Equipment And Power Cabling Hits: 10588
PE-10 Emergency Shutoff Hits: 10365
PE-11 Emergency Power Hits: 9791
PE-12 Emergency Lighting Hits: 9811
PE-13 Fire Protection Hits: 10304
PE-14 Temperature And Humidity Controls Hits: 9639
PE-15 Water Damage Protection Hits: 10103
PE-16 Delivery And Removal Hits: 10190
PE-17 Alternate Work Site Hits: 7921
PE-18 Location Of Information System Components Hits: 7971
PE-19 Information Leakage Hits: 9898
PL-01 Security Planning Policy And Procedures Hits: 17443
PL-02 System Security Plan Hits: 12870
PL-03 System Security Plan Update Hits: 7265
PL-04 Rules Of Behavior Hits: 14249
PL-05 Privacy Impact Assessment Hits: 9620
PL-06 Security-Related Activity Planning Hits: 7527
PS-01 Personnel Security Policy And Procedures Hits: 14431
PS-02 Position Categorization Hits: 8302
PS-03 Personnel Screening Hits: 9215
PS-04 Personnel Termination Hits: 7729
PS-05 Personnel Transfer Hits: 7245
PS-06 Access Agreements Hits: 13410
PS-07 Third-Party Personnel Security Hits: 12631
PS-08 Personnel Sanctions Hits: 9118
RA-01 Risk Assessment Policy And Procedures Hits: 13265
RA-02 Security Categorization Hits: 16296
RA-03 Risk Assessment Hits: 18671
RA-04 Risk Assessment Update Hits: 12750
RA-05 Vulnerability Scanning Hits: 22451
SA-01 System And Services Acquisition Policy And Procedures Hits: 18009
SA-02 Allocation Of Resources Hits: 14375
SA-03 Life Cycle Support Hits: 16515
SA-04 Acquisitions Hits: 15525
SA-05 Information System Documentation Hits: 26460
SA-06 Software Usage Restrictions Hits: 12505
SA-07 User Installed Software Hits: 12174
SA-08 Security Engineering Principles Hits: 19858
SA-09 External Information System Services Hits: 14824
SA-10 Developer Configuration Management Hits: 13657
SA-11 Developer Security Testing Hits: 11723
SC-01 System And Communications Protection Policy And Procedures Hits: 15807
SC-02 Application Partitioning Hits: 15293
SC-03 Security Function Isolation Hits: 18549
SC-04 Information Remnance Hits: 19274
SC-05 Denial Of Service Protection Hits: 18490
SC-06 Resource Priority Hits: 12629
SC-07 Boundary Protection Hits: 31238
SC-08 Transmission Integrity Hits: 21206
SC-09 Transmission Confidentiality Hits: 19877
SC-10 Network Disconnect Hits: 13287
SC-11 Trusted Path Hits: 16021
SC-12 Cryptographic Key Establishment And Management Hits: 17464
SC-13 Use Of Cryptography Hits: 19445
SC-14 Public Access Protections Hits: 10948
SC-15 Collaborative Computing Hits: 13723
SC-16 Transmission Of Security Parameters Hits: 8355
SC-17 Public Key Infrastructure Certificates Hits: 9489
SC-18 Mobile Code Hits: 19829
SC-19 Voice Over Internet Protocol Hits: 7913
SC-20 Secure Name / Address Resolution Service (Authoritative Source) Hits: 19430
SC-21 Secure Name / Address Resolution Service (Recursive Or Caching Resolver) Hits: 10815
SC-22 Architecture And Provisioning For Name / Address Resolution Service Hits: 10633
SC-23 Session Authenticity Hits: 20215
SI-01 System And Information Integrity Policy And Procedures Hits: 14304
SI-02 Flaw Remediation Hits: 27862
SI-03 Malicious Code Protection Hits: 24140
SI-04 Information System Monitoring Tools And Techniques Hits: 26969
SI-05 Security Alerts And Advisories Hits: 14946
SI-06 Security Functionality Verification Hits: 20675
SI-07 Software And Information Integrity Hits: 19100
SI-08 Spam Protection Hits: 9649
SI-09 Information Input Restrictions Hits: 9792
SI-10 Information Accuracy, Completeness, Validity, And Authenticity Hits: 19078
SI-11 Error Handling Hits: 14928
SI-12 Information Output Handling And Retention Hits: 11430