Library Overview

The library houses the main OSA artifacts for the current release and all previous releases. At the moment we have just published the first-ever release (08_02), so the content is still being created and refined.

The main categories are the Control Catalog, Pattern Landscape, and Threat Catalog.

Pattern Landscape

The pattern landscape comprises all patterns, in other words security architectures that solve specific problems. In time these will be classified according to industry verticals (e.g. Manufacturing) and other views such as threats mitigated (e.g. Phishing). The patterns are stored as an HTML page, but we will also provide an Open Document Format file that can be used in a word processor on most platforms.

We have now created an SVG version of the patterns that includes hyperlinks back to the controls specified (this requires you to use Firefox 1.5+, or to download a plug-in from Adobe if you are using IE).

Control Catalog

The control catalog is based on NIST 800-53 (2006) and provides details on all controls that are needed to create security solutions. The controls will be extended over time to include tests, as well as mappings against other standards, regulations, legislation and governance standards.

NIST 800-53 is divided into control families such as Access Control (AC). These family names are included in the naming conventions for the controls to aid memorization and easy reference. The control families are:

Threat Catalog

The threat catalog has not yet been implemented. One option is the use of the BITS catalog, but whatever we use needs to be licensed in a way that is compliant with Creative Commons. If you have thoughts in this space, let us know.