11.02 Control Catalog

We're on control catalog release 11.02 at the moment, and things have stabilised for this release. The whole control catalog is now in place, but we have ideas to enhance and refine the control format during 2012 to align to the latest release of 800-53. Of course we'd welcome any comments or ideas you may have.

Controls are based on NIST 800-53, and there is a mapping to ISO 17799 and COBIT 4.1, with ISO 27002 and PCI DSS available soon.

Using the filter gives you a quick way to hunt through the catalog, e.g. 'PS-' gives you all of the Personnel Security family.

List of articles in category 11.02 Control Catalog
13-05 All Controls Hits: 32402
13-05 Control mapping (NIST 800-53 vs ISO 17799 / PCI-DSS v2 / COBIT 4.1) Hits: 77282
13-05 Controls catalog SQL export Hits: 11738
AC-01 Access Control Policies and Procedures Hits: 51175
AC-02 Account Management Hits: 35588
AC-03 Access Enforcement Hits: 38725
AC-04 Information Flow Enforcement Hits: 41135
AC-05 Separation Of Duties Hits: 21936
AC-06 Least Privilege Hits: 21869
AC-07 Unsuccessful Login Attempts Hits: 20306
AC-08 System Use Notification Hits: 18794
AC-09 Previous Logon Notification Hits: 14891
AC-10 Concurrent Session Control Hits: 16571
AC-11 Session Lock Hits: 19277
AC-12 Session Termination Hits: 18502
AC-13 Supervision And Review -- Access Control Hits: 13612
AC-14 Permitted Actions Without Identification Or Authentication Hits: 11701
AC-15 Automated Marking Hits: 10581
AC-16 Automated Labeling Hits: 9761
AC-17 Remote Access Hits: 20008
AC-18 Wireless Access Restrictions Hits: 18443
AC-19 Access Control For Portable And Mobile Devices Hits: 18242
AC-20 Use Of External Information Systems Hits: 17654
AT-01 Security Awareness And Training Policy And Procedures Hits: 20346
AT-02 Security Awareness Hits: 18341
AT-03 Security Training Hits: 17817
AT-04 Security Training Records Hits: 12380
AT-05 Contacts With Security Groups And Associations Hits: 10033
AU-01 Audit And Accountability Policy And Procedures Hits: 21115
AU-02 Auditable Events Hits: 29115
AU-03 Content Of Audit Records Hits: 18205
AU-04 Audit Storage Capacity Hits: 14511
AU-05 Response To Audit Processing Failures Hits: 17876
AU-06 Audit Monitoring, Analysis, And Reporting Hits: 38793
AU-07 Audit Reduction And Report Generation Hits: 17378
AU-08 Time Stamps Hits: 14415
AU-09 Protection Of Audit Information Hits: 18787
AU-10 Non-Repudiation Hits: 18519
AU-11 Audit Record Retention Hits: 16211
CA-01 Certification, Accreditation, And Security Assessment Policies And Procedures Hits: 18638
CA-02 Security Assessments Hits: 22376
CA-03 Information System Connections Hits: 13158
CA-04 Security Certification Hits: 16766
CA-05 Plan Of Action And Milestones Hits: 12502
CA-06 Security Accreditation Hits: 14050
CA-07 Continuous Monitoring Hits: 20773
CM-01 Configuration Management Policy And Procedures Hits: 19270
CM-02 Baseline Configuration Hits: 22387
CM-03 Configuration Change Control Hits: 21235
CM-04 Monitoring Configuration Changes Hits: 14499
CM-05 Access Restrictions For Change Hits: 17438
CM-06 Configuration Settings Hits: 20727
CM-07 Least Functionality Hits: 24801
CM-08 Information System Component Inventory Hits: 18653
CP-01 Contingency Planning Policy And Procedures Hits: 13695
CP-02 Contingency Plan Hits: 14357
CP-03 Contingency Training Hits: 11753
CP-04 Contingency Plan Testing And Exercises Hits: 19830
CP-05 Contingency Plan Update Hits: 10737
CP-06 Alternate Storage Site Hits: 12435
CP-07 Alternate Processing Site Hits: 14717
CP-08 Telecommunications Services Hits: 8975
CP-09 Information System Backup Hits: 17873
CP-10 Information System Recovery And Reconstitution Hits: 16782
IA-01 Identification And Authentication Policy And Procedures Hits: 21124
IA-02 User Identification And Authentication Hits: 29167
IA-03 Device Identification And Authentication Hits: 25062
IA-04 Identifier Management Hits: 18374
IA-05 Authenticator Management Hits: 20204
IA-06 Authenticator Feedback Hits: 14843
IA-07 Cryptographic Module Authentication Hits: 20927
IR-01 Incident Response Policy And Procedures Hits: 15419
IR-02 Incident Response Training Hits: 13676
IR-03 Incident Response Testing And Exercises Hits: 15788
IR-04 Incident Handling Hits: 25619
IR-05 Incident Monitoring Hits: 13828
IR-06 Incident Reporting Hits: 13655
IR-07 Incident Response Assistance Hits: 14221
MA-01 System Maintenance Policy And Procedures Hits: 13633
MA-02 Controlled Maintenance Hits: 15039
MA-03 Maintenance Tools Hits: 12800
MA-04 Remote Maintenance Hits: 15079
MA-05 Maintenance Personnel Hits: 10635
MA-06 Timely Maintenance Hits: 11669
MP-01 Media Protection Policy And Procedures Hits: 13327
MP-02 Media Access Hits: 13881
MP-03 Media Labeling Hits: 9878
MP-04 Media Storage Hits: 10397
MP-05 Media Transport Hits: 10521
MP-06 Media Sanitization And Disposal Hits: 11619
PE-01 Physical And Environmental Protection Policy And Procedures Hits: 12843
PE-02 Physical Access Authorizations Hits: 11425
PE-03 Physical Access Control Hits: 15252
PE-04 Access Control For Transmission Medium Hits: 11062
PE-05 Access Control For Display Medium Hits: 10197
PE-06 Monitoring Physical Access Hits: 13243
PE-07 Visitor Control Hits: 9099
PE-08 Access Records Hits: 7827
PE-09 Power Equipment And Power Cabling Hits: 10653
PE-10 Emergency Shutoff Hits: 10432
PE-11 Emergency Power Hits: 9854
PE-12 Emergency Lighting Hits: 9874
PE-13 Fire Protection Hits: 10390
PE-14 Temperature And Humidity Controls Hits: 9709
PE-15 Water Damage Protection Hits: 10172
PE-16 Delivery And Removal Hits: 10259
PE-17 Alternate Work Site Hits: 7974
PE-18 Location Of Information System Components Hits: 8028
PE-19 Information Leakage Hits: 9963
PL-01 Security Planning Policy And Procedures Hits: 17514
PL-02 System Security Plan Hits: 12966
PL-03 System Security Plan Update Hits: 7319
PL-04 Rules Of Behavior Hits: 14337
PL-05 Privacy Impact Assessment Hits: 9689
PL-06 Security-Related Activity Planning Hits: 7573
PS-01 Personnel Security Policy And Procedures Hits: 14511
PS-02 Position Categorization Hits: 8357
PS-03 Personnel Screening Hits: 9279
PS-04 Personnel Termination Hits: 7782
PS-05 Personnel Transfer Hits: 7297
PS-06 Access Agreements Hits: 13497
PS-07 Third-Party Personnel Security Hits: 12705
PS-08 Personnel Sanctions Hits: 9173
RA-01 Risk Assessment Policy And Procedures Hits: 13322
RA-02 Security Categorization Hits: 16396
RA-03 Risk Assessment Hits: 18779
RA-04 Risk Assessment Update Hits: 12830
RA-05 Vulnerability Scanning Hits: 22571
SA-01 System And Services Acquisition Policy And Procedures Hits: 18093
SA-02 Allocation Of Resources Hits: 14475
SA-03 Life Cycle Support Hits: 16605
SA-04 Acquisitions Hits: 15621
SA-05 Information System Documentation Hits: 26619
SA-06 Software Usage Restrictions Hits: 12589
SA-07 User Installed Software Hits: 12259
SA-08 Security Engineering Principles Hits: 19952
SA-09 External Information System Services Hits: 14888
SA-10 Developer Configuration Management Hits: 13751
SA-11 Developer Security Testing Hits: 11791
SC-01 System And Communications Protection Policy And Procedures Hits: 15883
SC-02 Application Partitioning Hits: 15382
SC-03 Security Function Isolation Hits: 18648
SC-04 Information Remnance Hits: 19356
SC-05 Denial Of Service Protection Hits: 18577
SC-06 Resource Priority Hits: 12711
SC-07 Boundary Protection Hits: 31417
SC-08 Transmission Integrity Hits: 21304
SC-09 Transmission Confidentiality Hits: 19974
SC-10 Network Disconnect Hits: 13369
SC-11 Trusted Path Hits: 16126
SC-12 Cryptographic Key Establishment And Management Hits: 17563
SC-13 Use Of Cryptography Hits: 19566
SC-14 Public Access Protections Hits: 11011
SC-15 Collaborative Computing Hits: 13805
SC-16 Transmission Of Security Parameters Hits: 8401
SC-17 Public Key Infrastructure Certificates Hits: 9546
SC-18 Mobile Code Hits: 19933
SC-19 Voice Over Internet Protocol Hits: 7966
SC-20 Secure Name / Address Resolution Service (Authoritative Source) Hits: 19551
SC-21 Secure Name / Address Resolution Service (Recursive Or Caching Resolver) Hits: 10896
SC-22 Architecture And Provisioning For Name / Address Resolution Service Hits: 10699
SC-23 Session Authenticity Hits: 20305
SI-01 System And Information Integrity Policy And Procedures Hits: 14374
SI-02 Flaw Remediation Hits: 28022
SI-03 Malicious Code Protection Hits: 24240
SI-04 Information System Monitoring Tools And Techniques Hits: 27086
SI-05 Security Alerts And Advisories Hits: 15038
SI-06 Security Functionality Verification Hits: 20772
SI-07 Software And Information Integrity Hits: 19193
SI-08 Spam Protection Hits: 9718
SI-09 Information Input Restrictions Hits: 9853
SI-10 Information Accuracy, Completeness, Validity, And Authenticity Hits: 19165
SI-11 Error Handling Hits: 15020
SI-12 Information Output Handling And Retention Hits: 11490