
11.02 Control Catalog

We're on control catalog release 11.02 at the moment, and things have stabilised for this release. The whole control catalog is now in place, but we have ideas to enhance and refine the control format during 2012 to align to the latest release of 800-53. Of course we'd welcome any comments or ideas you may have.

Controls are based on NIST 800-53, and there is a mapping to ISO 17799 and COBIT 4.1, with ISO 27002 and PCI DSS available soon.

Using the filter gives you a quick way to hunt through the catalog, e.g. 'PS-' gives you all of the Personnel Security family.

List of articles in category 11.02 Control Catalog
13-05 All Controls Hits: 32429
13-05 Control mapping (NIST 800-53 vs ISO 17799 / PCI-DSS v2 / COBIT 4.1) Hits: 77335
13-05 Controls catalog SQL export Hits: 11765
AC-01 Access Control Policies and Procedures Hits: 51247
AC-02 Account Management Hits: 35650
AC-03 Access Enforcement Hits: 38793
AC-04 Information Flow Enforcement Hits: 41237
AC-05 Separation Of Duties Hits: 21993
AC-06 Least Privilege Hits: 21927
AC-07 Unsuccessful Login Attempts Hits: 20356
AC-08 System Use Notification Hits: 18841
AC-09 Previous Logon Notification Hits: 14918
AC-10 Concurrent Session Control Hits: 16608
AC-11 Session Lock Hits: 19311
AC-12 Session Termination Hits: 18552
AC-13 Supervision And Review -- Access Control Hits: 13645
AC-14 Permitted Actions Without Identification Or Authentication Hits: 11724
AC-15 Automated Marking Hits: 10610
AC-16 Automated Labeling Hits: 9789
AC-17 Remote Access Hits: 20045
AC-18 Wireless Access Restrictions Hits: 18489
AC-19 Access Control For Portable And Mobile Devices Hits: 18287
AC-20 Use Of External Information Systems Hits: 17681
AT-01 Security Awareness And Training Policy And Procedures Hits: 20404
AT-02 Security Awareness Hits: 18376
AT-03 Security Training Hits: 17857
AT-04 Security Training Records Hits: 12405
AT-05 Contacts With Security Groups And Associations Hits: 10058
AU-01 Audit And Accountability Policy And Procedures Hits: 21151
AU-02 Auditable Events Hits: 29174
AU-03 Content Of Audit Records Hits: 18245
AU-04 Audit Storage Capacity Hits: 14541
AU-05 Response To Audit Processing Failures Hits: 17907
AU-06 Audit Monitoring, Analysis, And Reporting Hits: 38946
AU-07 Audit Reduction And Report Generation Hits: 17409
AU-08 Time Stamps Hits: 14450
AU-09 Protection Of Audit Information Hits: 18837
AU-10 Non-Repudiation Hits: 18548
AU-11 Audit Record Retention Hits: 16247
CA-01 Certification, Accreditation, And Security Assessment Policies And Procedures Hits: 18677
CA-02 Security Assessments Hits: 22417
CA-03 Information System Connections Hits: 13187
CA-04 Security Certification Hits: 16804
CA-05 Plan Of Action And Milestones Hits: 12534
CA-06 Security Accreditation Hits: 14081
CA-07 Continuous Monitoring Hits: 20825
CM-01 Configuration Management Policy And Procedures Hits: 19312
CM-02 Baseline Configuration Hits: 22431
CM-03 Configuration Change Control Hits: 21288
CM-04 Monitoring Configuration Changes Hits: 14545
CM-05 Access Restrictions For Change Hits: 17474
CM-06 Configuration Settings Hits: 20823
CM-07 Least Functionality Hits: 24843
CM-08 Information System Component Inventory Hits: 18698
CP-01 Contingency Planning Policy And Procedures Hits: 13722
CP-02 Contingency Plan Hits: 14395
CP-03 Contingency Training Hits: 11781
CP-04 Contingency Plan Testing And Exercises Hits: 19861
CP-05 Contingency Plan Update Hits: 10762
CP-06 Alternate Storage Site Hits: 12463
CP-07 Alternate Processing Site Hits: 14754
CP-08 Telecommunications Services Hits: 8998
CP-09 Information System Backup Hits: 17908
CP-10 Information System Recovery And Reconstitution Hits: 16820
IA-01 Identification And Authentication Policy And Procedures Hits: 21168
IA-02 User Identification And Authentication Hits: 29221
IA-03 Device Identification And Authentication Hits: 25133
IA-04 Identifier Management Hits: 18433
IA-05 Authenticator Management Hits: 20244
IA-06 Authenticator Feedback Hits: 14880
IA-07 Cryptographic Module Authentication Hits: 20969
IR-01 Incident Response Policy And Procedures Hits: 15454
IR-02 Incident Response Training Hits: 13714
IR-03 Incident Response Testing And Exercises Hits: 15828
IR-04 Incident Handling Hits: 25692
IR-05 Incident Monitoring Hits: 13860
IR-06 Incident Reporting Hits: 13697
IR-07 Incident Response Assistance Hits: 14257
MA-01 System Maintenance Policy And Procedures Hits: 13662
MA-02 Controlled Maintenance Hits: 15070
MA-03 Maintenance Tools Hits: 12827
MA-04 Remote Maintenance Hits: 15117
MA-05 Maintenance Personnel Hits: 10660
MA-06 Timely Maintenance Hits: 11698
MP-01 Media Protection Policy And Procedures Hits: 13355
MP-02 Media Access Hits: 13921
MP-03 Media Labeling Hits: 9904
MP-04 Media Storage Hits: 10425
MP-05 Media Transport Hits: 10548
MP-06 Media Sanitization And Disposal Hits: 11650
PE-01 Physical And Environmental Protection Policy And Procedures Hits: 12872
PE-02 Physical Access Authorizations Hits: 11457
PE-03 Physical Access Control Hits: 15298
PE-04 Access Control For Transmission Medium Hits: 11086
PE-05 Access Control For Display Medium Hits: 10222
PE-06 Monitoring Physical Access Hits: 13278
PE-07 Visitor Control Hits: 9127
PE-08 Access Records Hits: 7845
PE-09 Power Equipment And Power Cabling Hits: 10680
PE-10 Emergency Shutoff Hits: 10464
PE-11 Emergency Power Hits: 9881
PE-12 Emergency Lighting Hits: 9899
PE-13 Fire Protection Hits: 10417
PE-14 Temperature And Humidity Controls Hits: 9735
PE-15 Water Damage Protection Hits: 10197
PE-16 Delivery And Removal Hits: 10293
PE-17 Alternate Work Site Hits: 7990
PE-18 Location Of Information System Components Hits: 8044
PE-19 Information Leakage Hits: 9987
PL-01 Security Planning Policy And Procedures Hits: 17546
PL-02 System Security Plan Hits: 13001
PL-03 System Security Plan Update Hits: 7333
PL-04 Rules Of Behavior Hits: 14371
PL-05 Privacy Impact Assessment Hits: 9710
PL-06 Security-Related Activity Planning Hits: 7588
PS-01 Personnel Security Policy And Procedures Hits: 14554
PS-02 Position Categorization Hits: 8373
PS-03 Personnel Screening Hits: 9306
PS-04 Personnel Termination Hits: 7801
PS-05 Personnel Transfer Hits: 7318
PS-06 Access Agreements Hits: 13529
PS-07 Third-Party Personnel Security Hits: 12736
PS-08 Personnel Sanctions Hits: 9192
RA-01 Risk Assessment Policy And Procedures Hits: 13348
RA-02 Security Categorization Hits: 16427
RA-03 Risk Assessment Hits: 18823
RA-04 Risk Assessment Update Hits: 12864
RA-05 Vulnerability Scanning Hits: 22625
SA-01 System And Services Acquisition Policy And Procedures Hits: 18127
SA-02 Allocation Of Resources Hits: 14509
SA-03 Life Cycle Support Hits: 16640
SA-04 Acquisitions Hits: 15654
SA-05 Information System Documentation Hits: 26701
SA-06 Software Usage Restrictions Hits: 12625
SA-07 User Installed Software Hits: 12290
SA-08 Security Engineering Principles Hits: 19990
SA-09 External Information System Services Hits: 14913
SA-10 Developer Configuration Management Hits: 13787
SA-11 Developer Security Testing Hits: 11816
SC-01 System And Communications Protection Policy And Procedures Hits: 15914
SC-02 Application Partitioning Hits: 15421
SC-03 Security Function Isolation Hits: 18690
SC-04 Information Remnance Hits: 19394
SC-05 Denial Of Service Protection Hits: 18624
SC-06 Resource Priority Hits: 12744
SC-07 Boundary Protection Hits: 31486
SC-08 Transmission Integrity Hits: 21346
SC-09 Transmission Confidentiality Hits: 20010
SC-10 Network Disconnect Hits: 13401
SC-11 Trusted Path Hits: 16164
SC-12 Cryptographic Key Establishment And Management Hits: 17603
SC-13 Use Of Cryptography Hits: 19623
SC-14 Public Access Protections Hits: 11035
SC-15 Collaborative Computing Hits: 13831
SC-16 Transmission Of Security Parameters Hits: 8419
SC-17 Public Key Infrastructure Certificates Hits: 9575
SC-18 Mobile Code Hits: 19981
SC-19 Voice Over Internet Protocol Hits: 7987
SC-20 Secure Name / Address Resolution Service (Authoritative Source) Hits: 19594
SC-21 Secure Name / Address Resolution Service (Recursive Or Caching Resolver) Hits: 10928
SC-22 Architecture And Provisioning For Name / Address Resolution Service Hits: 10731
SC-23 Session Authenticity Hits: 20344
SI-01 System And Information Integrity Policy And Procedures Hits: 14400
SI-02 Flaw Remediation Hits: 28096
SI-03 Malicious Code Protection Hits: 24278
SI-04 Information System Monitoring Tools And Techniques Hits: 27141
SI-05 Security Alerts And Advisories Hits: 15080
SI-06 Security Functionality Verification Hits: 20808
SI-07 Software And Information Integrity Hits: 19235
SI-08 Spam Protection Hits: 9744
SI-09 Information Input Restrictions Hits: 9876
SI-10 Information Accuracy, Completeness, Validity, And Authenticity Hits: 19200
SI-11 Error Handling Hits: 15052
SI-12 Information Output Handling And Retention Hits: 11516