After 17 years of serving the security architecture community, Open Security Architecture has a new home.
We've completely rebuilt the site from the ground up using modern web technologies, while preserving everything that made OSA valuable: practical, implementable security patterns with comprehensive control mappings.
What's New
**Modern Framework Mappings**: All 191 NIST 800-53 Rev 5 controls now include mappings to ISO 27001:2022, ISO 27002:2022, COBIT 2019, CIS Controls v8, NIST CSF 2.0, and SOC 2 Trust Services Criteria. That's over 4,200 individual compliance mappings.
**Faster, Cleaner Experience**: The new site is built with Astro and Tailwind CSS, deployed on Cloudflare's edge network. Pages load instantly, navigation is intuitive, and it works beautifully on mobile devices.
**Better Organisation**: Browse controls by family, explore framework mappings, and find patterns more easily than ever. Each control page shows you exactly which frameworks it maps to.
**Open Source**: The structured data behind OSA is now available on GitHub. Build tools, integrate with your workflows, or contribute improvements.
What Stays the Same
Our mission hasn't changed. OSA exists to provide **operational, ready-to-use security architecture patterns** that you can actually implement. Unlike purely strategic frameworks, our patterns include specific controls, threat mitigations, and practical guidance.
All 27 security patterns remain available, from Cloud Computing and Identity Management to Industrial Control Systems and PCI environments.
What's Next
We're planning an API layer to make OSA data programmatically accessible, followed by AI-powered features for pattern recommendations and threat modelling assistance.
Thank you for continuing to use OSA. Here's to the next 17 years.
*The OSA Core Team*