
11.02 Control Catalog

We're on control catalog release 11.02 at the moment, and things have stabilised for this release. The whole control catalog is now in place, but we have ideas to enhance and refine the control format during 2012 to align to the latest release of 800-53. Of course we'd welcome any comments or ideas you may have.

Controls are based on NIST 800-53, and there is a mapping to ISO 17799 and COBIT 4.1, with ISO 27002 and PCI DSS available soon.

Using the filter gives you a quick way to hunt through the catalog, e.g. 'PS-' gives you all of the Personnel Security family.

List of articles in category 11.02 Control Catalog
Title Hits
13-05 All Controls Hits: 28276
13-05 Control mapping (NIST 800-53 vs ISO 17799 / PCI-DSS v2 / COBIT 4.1) Hits: 70273
13-05 Controls catalog SQL export Hits: 9841
AC-01 Access Control Policies and Procedures Hits: 44921
AC-02 Account Management Hits: 28802
AC-03 Access Enforcement Hits: 32185
AC-04 Information Flow Enforcement Hits: 33290
AC-05 Separation Of Duties Hits: 18284
AC-06 Least Privilege Hits: 18204
AC-07 Unsuccessful Login Attempts Hits: 17114
AC-08 System Use Notification Hits: 14765
AC-09 Previous Logon Notification Hits: 12789
AC-10 Concurrent Session Control Hits: 14262
AC-11 Session Lock Hits: 16585
AC-12 Session Termination Hits: 15295
AC-13 Supervision And Review -- Access Control Hits: 11190
AC-14 Permitted Actions Without Identification Or Authentication Hits: 10037
AC-15 Automated Marking Hits: 8534
AC-16 Automated Labeling Hits: 7958
AC-17 Remote Access Hits: 16661
AC-18 Wireless Access Restrictions Hits: 15423
AC-19 Access Control For Portable And Mobile Devices Hits: 15098
AC-20 Use Of External Information Systems Hits: 14965
AT-01 Security Awareness And Training Policy And Procedures Hits: 17193
AT-02 Security Awareness Hits: 15438
AT-03 Security Training Hits: 14869
AT-04 Security Training Records Hits: 10257
AT-05 Contacts With Security Groups And Associations Hits: 8461
AU-01 Audit And Accountability Policy And Procedures Hits: 18558
AU-02 Auditable Events Hits: 24308
AU-03 Content Of Audit Records Hits: 14943
AU-04 Audit Storage Capacity Hits: 12145
AU-05 Response To Audit Processing Failures Hits: 15155
AU-06 Audit Monitoring, Analysis, And Reporting Hits: 30953
AU-07 Audit Reduction And Report Generation Hits: 15205
AU-08 Time Stamps Hits: 11859
AU-09 Protection Of Audit Information Hits: 15098
AU-10 Non-Repudiation Hits: 15994
AU-11 Audit Record Retention Hits: 13662
CA-01 Certification, Accreditation, And Security Assessment Policies And Procedures Hits: 15182
CA-02 Security Assessments Hits: 18914
CA-03 Information System Connections Hits: 11149
CA-04 Security Certification Hits: 13870
CA-05 Plan Of Action And Milestones Hits: 10043
CA-06 Security Accreditation Hits: 11668
CA-07 Continuous Monitoring Hits: 17307
CM-01 Configuration Management Policy And Procedures Hits: 16449
CM-02 Baseline Configuration Hits: 18962
CM-03 Configuration Change Control Hits: 17118
CM-04 Monitoring Configuration Changes Hits: 11586
CM-05 Access Restrictions For Change Hits: 14662
CM-06 Configuration Settings Hits: 14136
CM-07 Least Functionality Hits: 21443
CM-08 Information System Component Inventory Hits: 15308
CP-01 Contingency Planning Policy And Procedures Hits: 11813
CP-02 Contingency Plan Hits: 11943
CP-03 Contingency Training Hits: 9909
CP-04 Contingency Plan Testing And Exercises Hits: 17309
CP-05 Contingency Plan Update Hits: 9056
CP-06 Alternate Storage Site Hits: 10327
CP-07 Alternate Processing Site Hits: 12603
CP-08 Telecommunications Services Hits: 7547
CP-09 Information System Backup Hits: 15154
CP-10 Information System Recovery And Reconstitution Hits: 14266
IA-01 Identification And Authentication Policy And Procedures Hits: 17927
IA-02 User Identification And Authentication Hits: 24440
IA-03 Device Identification And Authentication Hits: 20813
IA-04 Identifier Management Hits: 14575
IA-05 Authenticator Management Hits: 17570
IA-06 Authenticator Feedback Hits: 12135
IA-07 Cryptographic Module Authentication Hits: 17842
IR-01 Incident Response Policy And Procedures Hits: 13248
IR-02 Incident Response Training Hits: 11353
IR-03 Incident Response Testing And Exercises Hits: 13716
IR-04 Incident Handling Hits: 20912
IR-05 Incident Monitoring Hits: 11502
IR-06 Incident Reporting Hits: 11439
IR-07 Incident Response Assistance Hits: 11739
MA-01 System Maintenance Policy And Procedures Hits: 11922
MA-02 Controlled Maintenance Hits: 12585
MA-03 Maintenance Tools Hits: 10935
MA-04 Remote Maintenance Hits: 12547
MA-05 Maintenance Personnel Hits: 8960
MA-06 Timely Maintenance Hits: 10032
MP-01 Media Protection Policy And Procedures Hits: 11538
MP-02 Media Access Hits: 11411
MP-03 Media Labeling Hits: 8228
MP-04 Media Storage Hits: 8672
MP-05 Media Transport Hits: 8851
MP-06 Media Sanitization And Disposal Hits: 9727
PE-01 Physical And Environmental Protection Policy And Procedures Hits: 11117
PE-02 Physical Access Authorizations Hits: 9705
PE-03 Physical Access Control Hits: 12502
PE-04 Access Control For Transmission Medium Hits: 9453
PE-05 Access Control For Display Medium Hits: 8643
PE-06 Monitoring Physical Access Hits: 11226
PE-07 Visitor Control Hits: 7637
PE-08 Access Records Hits: 6634
PE-09 Power Equipment And Power Cabling Hits: 9092
PE-10 Emergency Shutoff Hits: 8565
PE-11 Emergency Power Hits: 8204
PE-12 Emergency Lighting Hits: 8342
PE-13 Fire Protection Hits: 8704
PE-14 Temperature And Humidity Controls Hits: 8245
PE-15 Water Damage Protection Hits: 8339
PE-16 Delivery And Removal Hits: 8657
PE-17 Alternate Work Site Hits: 6829
PE-18 Location Of Information System Components Hits: 6833
PE-19 Information Leakage Hits: 8394
PL-01 Security Planning Policy And Procedures Hits: 15295
PL-02 System Security Plan Hits: 10422
PL-03 System Security Plan Update Hits: 6135
PL-04 Rules Of Behavior Hits: 11692
PL-05 Privacy Impact Assessment Hits: 8209
PL-06 Security-Related Activity Planning Hits: 6423
PS-01 Personnel Security Policy And Procedures Hits: 12556
PS-02 Position Categorization Hits: 7143
PS-03 Personnel Screening Hits: 7806
PS-04 Personnel Termination Hits: 6518
PS-05 Personnel Transfer Hits: 6143
PS-06 Access Agreements Hits: 11081
PS-07 Third-Party Personnel Security Hits: 10837
PS-08 Personnel Sanctions Hits: 7892
RA-01 Risk Assessment Policy And Procedures Hits: 11508
RA-02 Security Categorization Hits: 13935
RA-03 Risk Assessment Hits: 15836
RA-04 Risk Assessment Update Hits: 10638
RA-05 Vulnerability Scanning Hits: 18284
SA-01 System And Services Acquisition Policy And Procedures Hits: 15873
SA-02 Allocation Of Resources Hits: 11839
SA-03 Life Cycle Support Hits: 13938
SA-04 Acquisitions Hits: 13033
SA-05 Information System Documentation Hits: 21733
SA-06 Software Usage Restrictions Hits: 10523
SA-07 User Installed Software Hits: 10245
SA-08 Security Engineering Principles Hits: 17460
SA-09 External Information System Services Hits: 12819
SA-10 Developer Configuration Management Hits: 11443
SA-11 Developer Security Testing Hits: 10056
SC-01 System And Communications Protection Policy And Procedures Hits: 13922
SC-02 Application Partitioning Hits: 12964
SC-03 Security Function Isolation Hits: 15597
SC-04 Information Remnance Hits: 16705
SC-05 Denial Of Service Protection Hits: 15432
SC-06 Resource Priority Hits: 10558
SC-07 Boundary Protection Hits: 26370
SC-08 Transmission Integrity Hits: 17930
SC-09 Transmission Confidentiality Hits: 16767
SC-10 Network Disconnect Hits: 11105
SC-11 Trusted Path Hits: 13564
SC-12 Cryptographic Key Establishment And Management Hits: 14706
SC-13 Use Of Cryptography Hits: 15690
SC-14 Public Access Protections Hits: 9378
SC-15 Collaborative Computing Hits: 11998
SC-16 Transmission Of Security Parameters Hits: 7133
SC-17 Public Key Infrastructure Certificates Hits: 8015
SC-18 Mobile Code Hits: 16398
SC-19 Voice Over Internet Protocol Hits: 6778
SC-20 Secure Name / Address Resolution Service (Authoritative Source) Hits: 15933
SC-21 Secure Name / Address Resolution Service (Recursive Or Caching Resolver) Hits: 9100
SC-22 Architecture And Provisioning For Name / Address Resolution Service Hits: 8719
SC-23 Session Authenticity Hits: 17046
SI-01 System And Information Integrity Policy And Procedures Hits: 12597
SI-02 Flaw Remediation Hits: 22660
SI-03 Malicious Code Protection Hits: 20973
SI-04 Information System Monitoring Tools And Techniques Hits: 23034
SI-05 Security Alerts And Advisories Hits: 12341
SI-06 Security Functionality Verification Hits: 17527
SI-07 Software And Information Integrity Hits: 16580
SI-08 Spam Protection Hits: 7987
SI-09 Information Input Restrictions Hits: 8203
SI-10 Information Accuracy, Completeness, Validity, And Authenticity Hits: 16908
SI-11 Error Handling Hits: 12358
SI-12 Information Output Handling And Retention Hits: 9822