Description : Generic end user client module showing appropriate controls that should be applied to all desktop, laptop or mobile clients that process information or access other information systems.
Indications : This pattern module is referenced throughout OSA.
Contra-indications : None.
Resistance against threats : TBD.
References : n/a
Related patterns : n/a
Classification : Module
Release : 08.02
Authors : Spinoza
Reviewer(s) : Auriel
Control details
AC-03 Access enforcement
AC-05 Separation Of Duties
AC-06 Least privilege
AC-07 Unsuccessful login attempts
AC-08 System use notification
AC-11 Session Lock
AC-12 Session Termination
AC-19 Session Termination
AT-02 Security Awareness
AT-03 Security Training
AT-04 Security Training Records
AU-02 Auditable Events
AU-03 Content Of Audit Records
AU-04 Audit Storage Capacity
AU-05 Response To Audit Processing Failures
AU-08 Time Stamps
AU-09 Protection Of Audit Information
AU-10 Non-Repudiation
AU-11 Audit Record Retention
CA-02 Security Assessments
CA-04 Security Certification
CA-06 Security Accreditation
CA-07 Continuous Monitoring
CM-02 Baseline Configuration
CM-03 Configuration Change Control
CM-04 Monitoring Configuration Changes
CM-05 Access Restrictions For Change
CM-06 Configuration Settings
CM-07 Least Functionality
CM-08 Information System Component Inventory
CP-03 Contingency Training
CP-04 Contingency Plan Testing And Exercises
CP-05 Contingency Plan Update
CP-09 Information System Backup
CP-10 Information System Recovery And Reconstitution
IA-02 User Identification And Authentication
IA-06 Authenticator Feedback
IA-07 Cryptographic Module Authentication
IR-02 Incident Response Training
IR-03 Incident Response Testing And Exercises
IR-04 Incident Handling
IR-05 Incident Monitoring
IR-06 Incident Reporting
IR-07 Incident Response Assistance
MA-02 Controlled Maintenance
MA-03 Maintenance Tools
MA-04 Remote Maintenance
MA-05 Maintenance Personnel
MA-06 Timely Maintenance
MP-02 Media Access
PL-04 Rules Of Behavior
PS-06 Access Agreements
RA-02 Security Categorization
RA-03 Risk Assessment
RA-04 Risk Assessment Update
RA-05 Vulnerability Scanning
SA-02 Allocation Of Resources
SA-03 Life Cycle Support
SA-04 Acquisitions
SA-05 Information System Documentation
SA-06 Software Usage Restrictions
SA-07 User Installed Software
SA-08 Security Engineering Principles
SC-03 Security Function Isolation
SC-04 Information Remnance
SC-05 Denial Of Service Protection
SC-06 Resource Priority
SC-11 Trusted Path
SC-12 Cryptographic Key Establishment And Management
SC-13 Use Of Cryptography
SC-14 Public Access Protections
SC-15 Collaborative Computing
SC-18 Mobile Code
SI-02 Flaw Remediation
SI-03 Malicious Code Protection
SI-04 Information System Monitoring Tools And Techniques
SI-05 Security Alerts And Advisories
SI-06 Security Functionality Verification
SI-07 Software And Information Integrity
SI-11 Error Handling