SP-001: Client Module
Description: Generic end user client module showing appropriate controls that should be applied to all desktop, laptop or mobile clients that process information or access other information systems.
Indications: This pattern module is referenced throughout OSA.
Contra-indications: None.
Resistance against threats: TBD.
References: n/a
Related patterns: n/a
Classification: Module
Release: 08.02
Authors: Spinoza
Reviewer(s): Auriel
Control details
AC-03 Access enforcement
AC-05 Separation Of Duties
AC-06 Least privilege
AC-07 Unsuccessful login attempts
AC-08 System use notification
AC-11 Session Lock
AC-12 Session Termination
AC-19 Session Termination
AT-02 Security Awareness
AT-03 Security Training
AT-04 Security Training Records
AU-02 Auditable Events
AU-03 Content Of Audit Records
AU-04 Audit Storage Capacity
AU-05 Response To Audit Processing Failures
AU-08 Time Stamps
AU-09 Protection Of Audit Information
AU-10 Non-Repudiation
AU-11 Audit Record Retention
CA-02 Security Assessments
CA-04 Security Certification
CA-06 Security Accreditation
CA-07 Continuous Monitoring
CM-02 Baseline Configuration
CM-03 Configuration Change Control
CM-04 Monitoring Configuration Changes
CM-05 Access Restrictions For Change
CM-06 Configuration Settings
CM-07 Least Functionality
CM-08 Information System Component Inventory
CP-03 Contingency Training
CP-04 Contingency Plan Testing And Exercises
CP-05 Contingency Plan Update
CP-09 Information System Backup
CP-10 Information System Recovery And Reconstitution
IA-02 User Identification And Authentication
IA-06 Authenticator Feedback
IA-07 Cryptographic Module Authentication
IR-02 Incident Response Training
IR-03 Incident Response Testing And Exercises
IR-04 Incident Handling
IR-05 Incident Monitoring
IR-06 Incident Reporting
IR-07 Incident Response Assistance
MA-02 Controlled Maintenance
MA-03 Maintenance Tools
MA-04 Remote Maintenance
MA-05 Maintenance Personnel
MA-06 Timely Maintenance
RA-02 Security Categorization
RA-03 Risk Assessment
RA-04 Risk Assessment Update
RA-05 Vulnerability Scanning
SA-02 Allocation Of Resources
SA-03 Life Cycle Support
SA-04 Acquisitions
SA-05 Information System Documentation
SA-06 Software Usage Restrictions
SA-07 User Installed Software
SA-08 Security Engineering Principles
SC-03 Security Function Isolation
SC-04 Information Remnance
SC-05 Denial Of Service Protection
SC-06 Resource Priority
SC-11 Trusted Path
SC-12 Cryptographic Key Establishment And Management
SC-13 Use Of Cryptography
SC-14 Public Access Protections
SC-15 Collaborative Computing
SC-18 Mobile Code
SI-02 Flaw Remediation
SI-03 Malicious Code Protection
SI-04 Information System Monitoring Tools And Techniques
SI-05 Security Alerts And Advisories
SI-06 Security Functionality Verification
SI-07 Software And Information Integrity
SI-11 Error Handling