The library houses the main OSA artifacts for the current release, and all previous releases. We have now published three releases (currently at release 11_02) so the content scope and quality has improved considerably since 2008, but we will continue to develop and refine.
The main categories are the Control Catalog, Pattern Landscape, and Threat Catalog.
The pattern landscape comprises all patterns, in other words Security Architectures to solve specific problems. In time these will be classified according to Industry Verticals (e.g. Manufacturing), and other views such as threats mitigated (e.g. Phishing). The patterns are stored as an HTML page, but we will also provide an Open Document Format file that can be used in a word processor on most platforms.
We have now created an SVG version of the patterns that include hyper-links back to the controls specified (this requires you to use an SVG compliant browser like Chrome, Firefox or Safari).
The control catalog is based on NIST 800-53 (2006) and provides details on all controls that are needed to create security solutions. The controls will be extended over time to include tests, as well as mappings against other standards, regulations, legislation and governance standards.
NIST 800-53 is divided into control families such as Access Control (AC), these family names are included into the naming conventions for the control to aid memorization and easy reference. The control families are:
The threat catalog remains under development as of 2011. One option is the use of the BITS catalog, but whatever we use it needs to be licensed compliant with Creative Commons. If you have thoughts in this space let us know.
The Icon Library is available to build patterns and can also be used for your architecture diagrams. You are free to use these as the basis for building patterns in conjunction with the pattern template we provide. They are also licensed compliant with Creative Commons.
Patterns are at the heart of OSA. They bring together a number of elements in order to show how the practitioner can solve a specific architectural problem with a known quality solution.The Pattern Template is available to help build new patterns and for your architecture descriptions.