SP-002: Server Module

Diagram:


Description: Generic server module showing appropriate controls that should be applied to all servers that supply and process information or access other information systems.

Indications: This pattern module is referenced throughout OSA.

Contra-indications: None.

Resistance against threats: TBD. List of the threats that the pattern can resist.

References: n/a

Related patterns: n/a

Classification: Module

Release: 08.02

Authors: Spinoza

Reviewer: Aurelius

Control details

AC-03 Access enforcement
AC-05 Separation Of Duties
AC-06 Least privilege
AC-07 Unsuccessful login attempts
AC-08 System use notification
AC-09 Previous Logon Notification
AC-10 Concurrent Session Control
AC-12 Session Termination

AT-03 Security Training
AT-04 Security Training Records

AU-02 Auditable Events
AU-03 Content Of Audit Records
AU-04 Audit Storage Capacity
AU-05 Response To Audit Processing Failures
AU-06 Audit Monitoring, Analysis, And Reporting
AU-08 Time Stamps
AU-09 Protection Of Audit Information
AU-10 Non-Repudiation
AU-11 Audit Record Retention

CA-02 Security Assessments
CA-04 Security Certification
CA-06 Security Accreditation
CA-07 Continuous Monitoring

CM-02 Baseline Configuration
CM-03 Configuration Change Control
CM-04 Monitoring Configuration Changes
CM-05 Access Restrictions For Change
CM-06 Configuration Settings
CM-07 Least Functionality
CM-08 Information System Component Inventory

CP-03 Contingency Training
CP-04 Contingency Plan Testing And Exercises
CP-05 Contingency Plan Update
CP-09 Information System Backup
CP-10 Information System Recovery And Reconstitution

IA-02 User Identification And Authentication
IA-06 Authenticator Feedback
IA-07 Cryptographic Module Authentication

IR-02 Incident Response Training
IR-03 Incident Response Testing And Exercises
IR-04 Incident Handling
IR-05 Incident Monitoring
IR-06 Incident Reporting
IR-07 Incident Response Assistance

MA-02 Controlled Maintenance
MA-03 Maintenance Tools
MA-04 Remote Maintenance
MA-05 Maintenance Personnel
MA-06 Timely Maintenance

MP-02 Media Access

PE-02 Physical Access Authorizations
PE-03 Physical Access Control
PE-05 Access Control For Display Medium
PE-06 Monitoring Physical Access
PE-09 Power Equipment And Power Cabling
PE-10 Emergency Shutoff
PE-11 Emergency Power
PE-12 Emergency Lighting
PE-13 Fire Protection
PE-14 Temperature And Humidity Controls
PE-15 Water Damage Protection
PE-16 Delivery And Removal

RA-02 Security Categorization
RA-03 Risk Assessment
RA-04 Risk Assessment Update
RA-05 Vulnerability Scanning

SA-02 Allocation Of Resources
SA-03 Life Cycle Support
SA-04 Acquisitions
SA-05 Information System Documentation
SA-06 Software Usage Restrictions
SA-08 Security Engineering Principles

SC-02 Application Partitioning
SC-03 Security Function Isolation
SC-04 Information Remnance
SC-05 Denial Of Service Protection
SC-06 Resource Priority
SC-10 Network Disconnect
SC-12 Cryptographic Key Establishment And Management
SC-13 Use Of Cryptography
SC-14 Public Access Protections
SC-18 Mobile Code

SI-02 Flaw Remediation
SI-03 Malicious Code Protection
SI-04 Information System Monitoring Tools And Techniques
SI-05 Security Alerts And Advisories
SI-06 Security Functionality Verification
SI-07 Software And Information Integrity
SI-10 Information Accuracy, Completeness, Validity, And Authenticity
SI-11 Error Handling