
11.02 Control Catalog

We're on control catalog release 11.02 at the moment, and things have stabilised for this release. The whole control catalog is now in place, but we have ideas to enhance and refine the control format during 2012 to align with the latest release of NIST 800-53. Of course, we'd welcome any comments or ideas you may have.

Controls are based on NIST 800-53, and there is a mapping to ISO 17799 and COBIT 4.1, with ISO 27002 and PCI DSS available soon.

The filter gives you a quick way to hunt through the catalog, e.g. 'PS-' gives you all of the Personnel Security family.

List of articles in category 11.02 Control Catalog
Title Hits
13-05 All Controls Hits: 28226
13-05 Control mapping (NIST 800-53 vs ISO 17799 / PCI-DSS v2 / COBIT 4.1) Hits: 70279
13-05 Controls catalog SQL export Hits: 9925
AC-01 Access Control Policies and Procedures Hits: 44958
AC-02 Account Management Hits: 28921
AC-03 Access Enforcement Hits: 32272
AC-04 Information Flow Enforcement Hits: 33558
AC-05 Separation Of Duties Hits: 18369
AC-06 Least Privilege Hits: 18261
AC-07 Unsuccessful Login Attempts Hits: 17199
AC-08 System Use Notification Hits: 14863
AC-09 Previous Logon Notification Hits: 12872
AC-10 Concurrent Session Control Hits: 14385
AC-11 Session Lock Hits: 16668
AC-12 Session Termination Hits: 15404
AC-13 Supervision And Review -- Access Control Hits: 11275
AC-14 Permitted Actions Without Identification Or Authentication Hits: 10060
AC-15 Automated Marking Hits: 8649
AC-16 Automated Labeling Hits: 8036
AC-17 Remote Access Hits: 16752
AC-18 Wireless Access Restrictions Hits: 15536
AC-19 Access Control For Portable And Mobile Devices Hits: 15234
AC-20 Use Of External Information Systems Hits: 15026
AT-01 Security Awareness And Training Policy And Procedures Hits: 17346
AT-02 Security Awareness Hits: 15539
AT-03 Security Training Hits: 15049
AT-04 Security Training Records Hits: 10349
AT-05 Contacts With Security Groups And Associations Hits: 8535
AU-01 Audit And Accountability Policy And Procedures Hits: 18675
AU-02 Auditable Events Hits: 24411
AU-03 Content Of Audit Records Hits: 15044
AU-04 Audit Storage Capacity Hits: 12245
AU-05 Response To Audit Processing Failures Hits: 15257
AU-06 Audit Monitoring, Analysis, And Reporting Hits: 31466
AU-07 Audit Reduction And Report Generation Hits: 15304
AU-08 Time Stamps Hits: 12002
AU-09 Protection Of Audit Information Hits: 15297
AU-10 Non-Repudiation Hits: 16111
AU-11 Audit Record Retention Hits: 13794
CA-01 Certification, Accreditation, And Security Assessment Policies And Procedures Hits: 15320
CA-02 Security Assessments Hits: 19043
CA-03 Information System Connections Hits: 11257
CA-04 Security Certification Hits: 14027
CA-05 Plan Of Action And Milestones Hits: 10140
CA-06 Security Accreditation Hits: 11807
CA-07 Continuous Monitoring Hits: 17436
CM-01 Configuration Management Policy And Procedures Hits: 16588
CM-02 Baseline Configuration Hits: 19060
CM-03 Configuration Change Control Hits: 17340
CM-04 Monitoring Configuration Changes Hits: 11744
CM-05 Access Restrictions For Change Hits: 14823
CM-06 Configuration Settings Hits: 14317
CM-07 Least Functionality Hits: 21526
CM-08 Information System Component Inventory Hits: 15399
CP-01 Contingency Planning Policy And Procedures Hits: 11914
CP-02 Contingency Plan Hits: 12073
CP-03 Contingency Training Hits: 9995
CP-04 Contingency Plan Testing And Exercises Hits: 17389
CP-05 Contingency Plan Update Hits: 9154
CP-06 Alternate Storage Site Hits: 10401
CP-07 Alternate Processing Site Hits: 12700
CP-08 Telecommunications Services Hits: 7610
CP-09 Information System Backup Hits: 15312
CP-10 Information System Recovery And Reconstitution Hits: 14391
IA-01 Identification And Authentication Policy And Procedures Hits: 18078
IA-02 User Identification And Authentication Hits: 24525
IA-03 Device Identification And Authentication Hits: 21070
IA-04 Identifier Management Hits: 14722
IA-05 Authenticator Management Hits: 17649
IA-06 Authenticator Feedback Hits: 12197
IA-07 Cryptographic Module Authentication Hits: 17980
IR-01 Incident Response Policy And Procedures Hits: 13348
IR-02 Incident Response Training Hits: 11503
IR-03 Incident Response Testing And Exercises Hits: 13839
IR-04 Incident Handling Hits: 21242
IR-05 Incident Monitoring Hits: 11629
IR-06 Incident Reporting Hits: 11566
IR-07 Incident Response Assistance Hits: 11885
MA-01 System Maintenance Policy And Procedures Hits: 12021
MA-02 Controlled Maintenance Hits: 12694
MA-03 Maintenance Tools Hits: 11027
MA-04 Remote Maintenance Hits: 12632
MA-05 Maintenance Personnel Hits: 9041
MA-06 Timely Maintenance Hits: 10107
MP-01 Media Protection Policy And Procedures Hits: 11646
MP-02 Media Access Hits: 11559
MP-03 Media Labeling Hits: 8328
MP-04 Media Storage Hits: 8761
MP-05 Media Transport Hits: 8939
MP-06 Media Sanitization And Disposal Hits: 9821
PE-01 Physical And Environmental Protection Policy And Procedures Hits: 11207
PE-02 Physical Access Authorizations Hits: 9776
PE-03 Physical Access Control Hits: 12618
PE-04 Access Control For Transmission Medium Hits: 9533
PE-05 Access Control For Display Medium Hits: 8733
PE-06 Monitoring Physical Access Hits: 11343
PE-07 Visitor Control Hits: 7768
PE-08 Access Records Hits: 6696
PE-09 Power Equipment And Power Cabling Hits: 9173
PE-10 Emergency Shutoff Hits: 8682
PE-11 Emergency Power Hits: 8289
PE-12 Emergency Lighting Hits: 8429
PE-13 Fire Protection Hits: 8797
PE-14 Temperature And Humidity Controls Hits: 8340
PE-15 Water Damage Protection Hits: 8432
PE-16 Delivery And Removal Hits: 8743
PE-17 Alternate Work Site Hits: 6885
PE-18 Location Of Information System Components Hits: 6883
PE-19 Information Leakage Hits: 8481
PL-01 Security Planning Policy And Procedures Hits: 15389
PL-02 System Security Plan Hits: 10513
PL-03 System Security Plan Update Hits: 6183
PL-04 Rules Of Behavior Hits: 11798
PL-05 Privacy Impact Assessment Hits: 8288
PL-06 Security-Related Activity Planning Hits: 6475
PS-01 Personnel Security Policy And Procedures Hits: 12663
PS-02 Position Categorization Hits: 7194
PS-03 Personnel Screening Hits: 7904
PS-04 Personnel Termination Hits: 6586
PS-05 Personnel Transfer Hits: 6193
PS-06 Access Agreements Hits: 11205
PS-07 Third-Party Personnel Security Hits: 10922
PS-08 Personnel Sanctions Hits: 7949
RA-01 Risk Assessment Policy And Procedures Hits: 11601
RA-02 Security Categorization Hits: 14050
RA-03 Risk Assessment Hits: 15958
RA-04 Risk Assessment Update Hits: 10760
RA-05 Vulnerability Scanning Hits: 18385
SA-01 System And Services Acquisition Policy And Procedures Hits: 15928
SA-02 Allocation Of Resources Hits: 11977
SA-03 Life Cycle Support Hits: 14067
SA-04 Acquisitions Hits: 13158
SA-05 Information System Documentation Hits: 22048
SA-06 Software Usage Restrictions Hits: 10663
SA-07 User Installed Software Hits: 10385
SA-08 Security Engineering Principles Hits: 17592
SA-09 External Information System Services Hits: 12902
SA-10 Developer Configuration Management Hits: 11564
SA-11 Developer Security Testing Hits: 10163
SC-01 System And Communications Protection Policy And Procedures Hits: 14027
SC-02 Application Partitioning Hits: 13088
SC-03 Security Function Isolation Hits: 15704
SC-04 Information Remnance Hits: 16835
SC-05 Denial Of Service Protection Hits: 15555
SC-06 Resource Priority Hits: 10694
SC-07 Boundary Protection Hits: 26438
SC-08 Transmission Integrity Hits: 18072
SC-09 Transmission Confidentiality Hits: 16888
SC-10 Network Disconnect Hits: 11209
SC-11 Trusted Path Hits: 13688
SC-12 Cryptographic Key Establishment And Management Hits: 14836
SC-13 Use Of Cryptography Hits: 15782
SC-14 Public Access Protections Hits: 9467
SC-15 Collaborative Computing Hits: 12090
SC-16 Transmission Of Security Parameters Hits: 7184
SC-17 Public Key Infrastructure Certificates Hits: 8060
SC-18 Mobile Code Hits: 16492
SC-19 Voice Over Internet Protocol Hits: 6837
SC-20 Secure Name / Address Resolution Service (Authoritative Source) Hits: 16022
SC-21 Secure Name / Address Resolution Service (Recursive Or Caching Resolver) Hits: 9189
SC-22 Architecture And Provisioning For Name / Address Resolution Service Hits: 8825
SC-23 Session Authenticity Hits: 17162
SI-01 System And Information Integrity Policy And Procedures Hits: 12682
SI-02 Flaw Remediation Hits: 22733
SI-03 Malicious Code Protection Hits: 21064
SI-04 Information System Monitoring Tools And Techniques Hits: 23107
SI-05 Security Alerts And Advisories Hits: 12470
SI-06 Security Functionality Verification Hits: 17661
SI-07 Software And Information Integrity Hits: 16724
SI-08 Spam Protection Hits: 8070
SI-09 Information Input Restrictions Hits: 8298
SI-10 Information Accuracy, Completeness, Validity, And Authenticity Hits: 17038
SI-11 Error Handling Hits: 12459
SI-12 Information Output Handling And Retention Hits: 9903