
11.02 Control Catalog

We're on control catalog release 11.02 at the moment, and things have stabilised for this release. The whole control catalog is now in place, but we have ideas to enhance and refine the control format during 2012 to align to the latest release of 800-53. Of course we'd welcome any comments or ideas you may have.

Controls are based on NIST 800-53, and there is a mapping to ISO 17799 and COBIT 4.1, with ISO 27002 and PCI DSS available soon.

Using the filter gives you a quick way to hunt through the catalog, e.g. 'PS-' gives you all the controls in the Personnel Security family.

List of articles in category 11.02 Control Catalog
13-05 All Controls Hits: 29020
13-05 Control mapping (NIST 800-53 vs ISO 17799 / PCI-DSS v2 / COBIT 4.1) Hits: 71409
13-05 Controls catalog SQL export Hits: 10111
AC-01 Access Control Policies and Procedures Hits: 45885
AC-02 Account Management Hits: 29797
AC-03 Access Enforcement Hits: 33117
AC-04 Information Flow Enforcement Hits: 34199
AC-05 Separation Of Duties Hits: 18830
AC-06 Least Privilege Hits: 18686
AC-07 Unsuccessful Login Attempts Hits: 17543
AC-08 System Use Notification Hits: 15153
AC-09 Previous Logon Notification Hits: 13038
AC-10 Concurrent Session Control Hits: 14537
AC-11 Session Lock Hits: 16970
AC-12 Session Termination Hits: 15712
AC-13 Supervision And Review -- Access Control Hits: 11548
AC-14 Permitted Actions Without Identification Or Authentication Hits: 10275
AC-15 Automated Marking Hits: 8776
AC-16 Automated Labeling Hits: 8202
AC-17 Remote Access Hits: 17109
AC-18 Wireless Access Restrictions Hits: 15758
AC-19 Access Control For Portable And Mobile Devices Hits: 15503
AC-20 Use Of External Information Systems Hits: 15347
AT-01 Security Awareness And Training Policy And Procedures Hits: 17502
AT-02 Security Awareness Hits: 15827
AT-03 Security Training Hits: 15202
AT-04 Security Training Records Hits: 10526
AT-05 Contacts With Security Groups And Associations Hits: 8636
AU-01 Audit And Accountability Policy And Procedures Hits: 18886
AU-02 Auditable Events Hits: 25048
AU-03 Content Of Audit Records Hits: 15344
AU-04 Audit Storage Capacity Hits: 12443
AU-05 Response To Audit Processing Failures Hits: 15474
AU-06 Audit Monitoring, Analysis, And Reporting Hits: 31847
AU-07 Audit Reduction And Report Generation Hits: 15488
AU-08 Time Stamps Hits: 12155
AU-09 Protection Of Audit Information Hits: 15552
AU-10 Non-Repudiation Hits: 16315
AU-11 Audit Record Retention Hits: 13970
CA-01 Certification, Accreditation, And Security Assessment Policies And Procedures Hits: 15547
CA-02 Security Assessments Hits: 19363
CA-03 Information System Connections Hits: 11409
CA-04 Security Certification Hits: 14201
CA-05 Plan Of Action And Milestones Hits: 10292
CA-06 Security Accreditation Hits: 11940
CA-07 Continuous Monitoring Hits: 17715
CM-01 Configuration Management Policy And Procedures Hits: 16790
CM-02 Baseline Configuration Hits: 19506
CM-03 Configuration Change Control Hits: 17768
CM-04 Monitoring Configuration Changes Hits: 11935
CM-05 Access Restrictions For Change Hits: 14989
CM-06 Configuration Settings Hits: 14546
CM-07 Least Functionality Hits: 21902
CM-08 Information System Component Inventory Hits: 15811
CP-01 Contingency Planning Policy And Procedures Hits: 12030
CP-02 Contingency Plan Hits: 12217
CP-03 Contingency Training Hits: 10119
CP-04 Contingency Plan Testing And Exercises Hits: 17651
CP-05 Contingency Plan Update Hits: 9266
CP-06 Alternate Storage Site Hits: 10552
CP-07 Alternate Processing Site Hits: 12832
CP-08 Telecommunications Services Hits: 7727
CP-09 Information System Backup Hits: 15493
CP-10 Information System Recovery And Reconstitution Hits: 14575
IA-01 Identification And Authentication Policy And Procedures Hits: 18330
IA-02 User Identification And Authentication Hits: 25126
IA-03 Device Identification And Authentication Hits: 21322
IA-04 Identifier Management Hits: 15099
IA-05 Authenticator Management Hits: 17972
IA-06 Authenticator Feedback Hits: 12495
IA-07 Cryptographic Module Authentication Hits: 18238
IR-01 Incident Response Policy And Procedures Hits: 13536
IR-02 Incident Response Training Hits: 11597
IR-03 Incident Response Testing And Exercises Hits: 13953
IR-04 Incident Handling Hits: 21464
IR-05 Incident Monitoring Hits: 11790
IR-06 Incident Reporting Hits: 11712
IR-07 Incident Response Assistance Hits: 12013
MA-01 System Maintenance Policy And Procedures Hits: 12131
MA-02 Controlled Maintenance Hits: 12918
MA-03 Maintenance Tools Hits: 11175
MA-04 Remote Maintenance Hits: 12870
MA-05 Maintenance Personnel Hits: 9154
MA-06 Timely Maintenance Hits: 10251
MP-01 Media Protection Policy And Procedures Hits: 11770
MP-02 Media Access Hits: 11730
MP-03 Media Labeling Hits: 8416
MP-04 Media Storage Hits: 8869
MP-05 Media Transport Hits: 9050
MP-06 Media Sanitization And Disposal Hits: 9952
PE-01 Physical And Environmental Protection Policy And Procedures Hits: 11325
PE-02 Physical Access Authorizations Hits: 9929
PE-03 Physical Access Control Hits: 12832
PE-04 Access Control For Transmission Medium Hits: 9644
PE-05 Access Control For Display Medium Hits: 8834
PE-06 Monitoring Physical Access Hits: 11455
PE-07 Visitor Control Hits: 7811
PE-08 Access Records Hits: 6776
PE-09 Power Equipment And Power Cabling Hits: 9271
PE-10 Emergency Shutoff Hits: 8777
PE-11 Emergency Power Hits: 8396
PE-12 Emergency Lighting Hits: 8520
PE-13 Fire Protection Hits: 8878
PE-14 Temperature And Humidity Controls Hits: 8416
PE-15 Water Damage Protection Hits: 8547
PE-16 Delivery And Removal Hits: 8836
PE-17 Alternate Work Site Hits: 6974
PE-18 Location Of Information System Components Hits: 6965
PE-19 Information Leakage Hits: 8588
PL-01 Security Planning Policy And Procedures Hits: 15596
PL-02 System Security Plan Hits: 10744
PL-03 System Security Plan Update Hits: 6258
PL-04 Rules Of Behavior Hits: 12060
PL-05 Privacy Impact Assessment Hits: 8386
PL-06 Security-Related Activity Planning Hits: 6554
PS-01 Personnel Security Policy And Procedures Hits: 12798
PS-02 Position Categorization Hits: 7295
PS-03 Personnel Screening Hits: 8008
PS-04 Personnel Termination Hits: 6664
PS-05 Personnel Transfer Hits: 6273
PS-06 Access Agreements Hits: 11381
PS-07 Third-Party Personnel Security Hits: 11063
PS-08 Personnel Sanctions Hits: 8041
RA-01 Risk Assessment Policy And Procedures Hits: 11763
RA-02 Security Categorization Hits: 14254
RA-03 Risk Assessment Hits: 16192
RA-04 Risk Assessment Update Hits: 10876
RA-05 Vulnerability Scanning Hits: 18908
SA-01 System And Services Acquisition Policy And Procedures Hits: 16186
SA-02 Allocation Of Resources Hits: 12137
SA-03 Life Cycle Support Hits: 14277
SA-04 Acquisitions Hits: 13356
SA-05 Information System Documentation Hits: 22302
SA-06 Software Usage Restrictions Hits: 10762
SA-07 User Installed Software Hits: 10480
SA-08 Security Engineering Principles Hits: 17768
SA-09 External Information System Services Hits: 13116
SA-10 Developer Configuration Management Hits: 11699
SA-11 Developer Security Testing Hits: 10256
SC-01 System And Communications Protection Policy And Procedures Hits: 14203
SC-02 Application Partitioning Hits: 13250
SC-03 Security Function Isolation Hits: 15961
SC-04 Information Remnance Hits: 17057
SC-05 Denial Of Service Protection Hits: 15834
SC-06 Resource Priority Hits: 10814
SC-07 Boundary Protection Hits: 26993
SC-08 Transmission Integrity Hits: 18359
SC-09 Transmission Confidentiality Hits: 17176
SC-10 Network Disconnect Hits: 11380
SC-11 Trusted Path Hits: 13879
SC-12 Cryptographic Key Establishment And Management Hits: 15038
SC-13 Use Of Cryptography Hits: 16215
SC-14 Public Access Protections Hits: 9582
SC-15 Collaborative Computing Hits: 12210
SC-16 Transmission Of Security Parameters Hits: 7281
SC-17 Public Key Infrastructure Certificates Hits: 8203
SC-18 Mobile Code Hits: 16898
SC-19 Voice Over Internet Protocol Hits: 6909
SC-20 Secure Name / Address Resolution Service (Authoritative Source) Hits: 16404
SC-21 Secure Name / Address Resolution Service (Recursive Or Caching Resolver) Hits: 9318
SC-22 Architecture And Provisioning For Name / Address Resolution Service Hits: 9010
SC-23 Session Authenticity Hits: 17475
SI-01 System And Information Integrity Policy And Procedures Hits: 12853
SI-02 Flaw Remediation Hits: 23510
SI-03 Malicious Code Protection Hits: 21444
SI-04 Information System Monitoring Tools And Techniques Hits: 23536
SI-05 Security Alerts And Advisories Hits: 12611
SI-06 Security Functionality Verification Hits: 17968
SI-07 Software And Information Integrity Hits: 16921
SI-08 Spam Protection Hits: 8178
SI-09 Information Input Restrictions Hits: 8465
SI-10 Information Accuracy, Completeness, Validity, And Authenticity Hits: 17180
SI-11 Error Handling Hits: 12748
SI-12 Information Output Handling And Retention Hits: 10060