
11.02 Control Catalog

We're on control catalog release 11.02 at the moment, and things have stabilised for this release. The whole control catalog is now in place, but we have ideas to enhance and refine the control format during 2012 to align to the latest release of 800-53. Of course we'd welcome any comments or ideas you may have.

Controls are based on NIST 800-53, and there is a mapping to ISO 17799 and COBIT 4.1, with ISO 27002 and PCI DSS available soon.

Using the filter gives you a quick way to hunt through the catalog, e.g. 'PS-' gives you all of the Personnel Security family.

List of articles in category 11.02 Control Catalog
Title Hits
13-05 All Controls Hits: 29652
13-05 Control mapping (NIST 800-53 vs ISO 17799 / PCI-DSS v2 / COBIT 4.1) Hits: 72318
13-05 Controls catalog SQL export Hits: 10313
AC-01 Access Control Policies and Procedures Hits: 46671
AC-02 Account Management Hits: 30585
AC-03 Access Enforcement Hits: 33882
AC-04 Information Flow Enforcement Hits: 35017
AC-05 Separation Of Duties Hits: 19215
AC-06 Least Privilege Hits: 19101
AC-07 Unsuccessful Login Attempts Hits: 17901
AC-08 System Use Notification Hits: 15500
AC-09 Previous Logon Notification Hits: 13261
AC-10 Concurrent Session Control Hits: 14800
AC-11 Session Lock Hits: 17283
AC-12 Session Termination Hits: 16078
AC-13 Supervision And Review -- Access Control Hits: 11822
AC-14 Permitted Actions Without Identification Or Authentication Hits: 10477
AC-15 Automated Marking Hits: 9065
AC-16 Automated Labeling Hits: 8407
AC-17 Remote Access Hits: 17473
AC-18 Wireless Access Restrictions Hits: 16056
AC-19 Access Control For Portable And Mobile Devices Hits: 15818
AC-20 Use Of External Information Systems Hits: 15668
AT-01 Security Awareness And Training Policy And Procedures Hits: 17832
AT-02 Security Awareness Hits: 16141
AT-03 Security Training Hits: 15592
AT-04 Security Training Records Hits: 10743
AT-05 Contacts With Security Groups And Associations Hits: 8799
AU-01 Audit And Accountability Policy And Procedures Hits: 19143
AU-02 Auditable Events Hits: 25520
AU-03 Content Of Audit Records Hits: 15663
AU-04 Audit Storage Capacity Hits: 12700
AU-05 Response To Audit Processing Failures Hits: 15772
AU-06 Audit Monitoring, Analysis, And Reporting Hits: 32594
AU-07 Audit Reduction And Report Generation Hits: 15730
AU-08 Time Stamps Hits: 12446
AU-09 Protection Of Audit Information Hits: 15903
AU-10 Non-Repudiation Hits: 16564
AU-11 Audit Record Retention Hits: 14272
CA-01 Certification, Accreditation, And Security Assessment Policies And Procedures Hits: 15846
CA-02 Security Assessments Hits: 19705
CA-03 Information System Connections Hits: 11632
CA-04 Security Certification Hits: 14504
CA-05 Plan Of Action And Milestones Hits: 10499
CA-06 Security Accreditation Hits: 12195
CA-07 Continuous Monitoring Hits: 18056
CM-01 Configuration Management Policy And Procedures Hits: 17083
CM-02 Baseline Configuration Hits: 19917
CM-03 Configuration Change Control Hits: 18263
CM-04 Monitoring Configuration Changes Hits: 12277
CM-05 Access Restrictions For Change Hits: 15276
CM-06 Configuration Settings Hits: 15445
CM-07 Least Functionality Hits: 22309
CM-08 Information System Component Inventory Hits: 16186
CP-01 Contingency Planning Policy And Procedures Hits: 12232
CP-02 Contingency Plan Hits: 12455
CP-03 Contingency Training Hits: 10318
CP-04 Contingency Plan Testing And Exercises Hits: 17963
CP-05 Contingency Plan Update Hits: 9465
CP-06 Alternate Storage Site Hits: 10756
CP-07 Alternate Processing Site Hits: 13023
CP-08 Telecommunications Services Hits: 7904
CP-09 Information System Backup Hits: 15799
CP-10 Information System Recovery And Reconstitution Hits: 14836
IA-01 Identification And Authentication Policy And Procedures Hits: 18629
IA-02 User Identification And Authentication Hits: 25677
IA-03 Device Identification And Authentication Hits: 21725
IA-04 Identifier Management Hits: 15534
IA-05 Authenticator Management Hits: 18273
IA-06 Authenticator Feedback Hits: 12831
IA-07 Cryptographic Module Authentication Hits: 18584
IR-01 Incident Response Policy And Procedures Hits: 13719
IR-02 Incident Response Training Hits: 11813
IR-03 Incident Response Testing And Exercises Hits: 14161
IR-04 Incident Handling Hits: 21901
IR-05 Incident Monitoring Hits: 12037
IR-06 Incident Reporting Hits: 11952
IR-07 Incident Response Assistance Hits: 12234
MA-01 System Maintenance Policy And Procedures Hits: 12323
MA-02 Controlled Maintenance Hits: 13181
MA-03 Maintenance Tools Hits: 11365
MA-04 Remote Maintenance Hits: 13150
MA-05 Maintenance Personnel Hits: 9325
MA-06 Timely Maintenance Hits: 10442
MP-01 Media Protection Policy And Procedures Hits: 11931
MP-02 Media Access Hits: 11999
MP-03 Media Labeling Hits: 8589
MP-04 Media Storage Hits: 9061
MP-05 Media Transport Hits: 9206
MP-06 Media Sanitization And Disposal Hits: 10128
PE-01 Physical And Environmental Protection Policy And Procedures Hits: 11505
PE-02 Physical Access Authorizations Hits: 10104
PE-03 Physical Access Control Hits: 13144
PE-04 Access Control For Transmission Medium Hits: 9792
PE-05 Access Control For Display Medium Hits: 8995
PE-06 Monitoring Physical Access Hits: 11654
PE-07 Visitor Control Hits: 7937
PE-08 Access Records Hits: 6886
PE-09 Power Equipment And Power Cabling Hits: 9427
PE-10 Emergency Shutoff Hits: 8924
PE-11 Emergency Power Hits: 8561
PE-12 Emergency Lighting Hits: 8675
PE-13 Fire Protection Hits: 9044
PE-14 Temperature And Humidity Controls Hits: 8558
PE-15 Water Damage Protection Hits: 8741
PE-16 Delivery And Removal Hits: 8992
PE-17 Alternate Work Site Hits: 7090
PE-18 Location Of Information System Components Hits: 7086
PE-19 Information Leakage Hits: 8738
PL-01 Security Planning Policy And Procedures Hits: 15819
PL-02 System Security Plan Hits: 10990
PL-03 System Security Plan Update Hits: 6358
PL-04 Rules Of Behavior Hits: 12326
PL-05 Privacy Impact Assessment Hits: 8530
PL-06 Security-Related Activity Planning Hits: 6652
PS-01 Personnel Security Policy And Procedures Hits: 13021
PS-02 Position Categorization Hits: 7416
PS-03 Personnel Screening Hits: 8162
PS-04 Personnel Termination Hits: 6792
PS-05 Personnel Transfer Hits: 6378
PS-06 Access Agreements Hits: 11643
PS-07 Third-Party Personnel Security Hits: 11272
PS-08 Personnel Sanctions Hits: 8169
RA-01 Risk Assessment Policy And Procedures Hits: 11939
RA-02 Security Categorization Hits: 14504
RA-03 Risk Assessment Hits: 16521
RA-04 Risk Assessment Update Hits: 11079
RA-05 Vulnerability Scanning Hits: 19395
SA-01 System And Services Acquisition Policy And Procedures Hits: 16441
SA-02 Allocation Of Resources Hits: 12459
SA-03 Life Cycle Support Hits: 14588
SA-04 Acquisitions Hits: 13645
SA-05 Information System Documentation Hits: 22823
SA-06 Software Usage Restrictions Hits: 10977
SA-07 User Installed Software Hits: 10663
SA-08 Security Engineering Principles Hits: 18018
SA-09 External Information System Services Hits: 13351
SA-10 Developer Configuration Management Hits: 11932
SA-11 Developer Security Testing Hits: 10428
SC-01 System And Communications Protection Policy And Procedures Hits: 14389
SC-02 Application Partitioning Hits: 13520
SC-03 Security Function Isolation Hits: 16312
SC-04 Information Remnance Hits: 17355
SC-05 Denial Of Service Protection Hits: 16169
SC-06 Resource Priority Hits: 11043
SC-07 Boundary Protection Hits: 27541
SC-08 Transmission Integrity Hits: 18774
SC-09 Transmission Confidentiality Hits: 17541
SC-10 Network Disconnect Hits: 11589
SC-11 Trusted Path Hits: 14136
SC-12 Cryptographic Key Establishment And Management Hits: 15349
SC-13 Use Of Cryptography Hits: 16647
SC-14 Public Access Protections Hits: 9767
SC-15 Collaborative Computing Hits: 12407
SC-16 Transmission Of Security Parameters Hits: 7438
SC-17 Public Key Infrastructure Certificates Hits: 8376
SC-18 Mobile Code Hits: 17360
SC-19 Voice Over Internet Protocol Hits: 7025
SC-20 Secure Name / Address Resolution Service (Authoritative Source) Hits: 16762
SC-21 Secure Name / Address Resolution Service (Recursive Or Caching Resolver) Hits: 9480
SC-22 Architecture And Provisioning For Name / Address Resolution Service Hits: 9201
SC-23 Session Authenticity Hits: 17830
SI-01 System And Information Integrity Policy And Procedures Hits: 13046
SI-02 Flaw Remediation Hits: 24126
SI-03 Malicious Code Protection Hits: 21813
SI-04 Information System Monitoring Tools And Techniques Hits: 23944
SI-05 Security Alerts And Advisories Hits: 12854
SI-06 Security Functionality Verification Hits: 18338
SI-07 Software And Information Integrity Hits: 17181
SI-08 Spam Protection Hits: 8354
SI-09 Information Input Restrictions Hits: 8646
SI-10 Information Accuracy, Completeness, Validity, And Authenticity Hits: 17422
SI-11 Error Handling Hits: 13043
SI-12 Information Output Handling And Retention Hits: 10263