Foundations
Core concepts, principles, and frameworks that underpin Open Security Architecture. These foundational elements provide the context for understanding and applying OSA patterns.
Security Capability Model
13 capability areas, 52 strategic capabilities and 207 architectural sub-capabilities across 3 phases -- Foundation, Protect, Operate.
Security Roles & Actors
How security roles map to OSA patterns, aligned to the NIST NICE Framework and NIST CSF 2.0.
Secure Development Lifecycle
How modern SDLC security frameworks map to OSA patterns -- from NIST SSDF to SLSA and CISA Secure by Design.
Security Design Principles
From Saltzer and Schroeder to NIST SP 800-160 -- the principles that underpin every OSA pattern.
How to Use OSA
A practical guide to using OSA patterns, controls, compliance mappings, and assessments.
Policy Templates
NIST-mapped Information Security Policy and Acceptable Use Policy templates, free for registered users.
Icon Library
79 security architecture icons in flat monochrome SVG format for diagrams and documentation.
Definitions
Key terms and concepts used throughout OSA.
IT Security Architecture
The enterprise discipline that embodies security principles in the design of IT systems.
IT Architecture
Why do we need IT Architecture? Abstract system descriptions are essential to achieve qualities like sustainability, dependability, scalability, and performance -- these don't emerge naturally from simply combining functional components.
IT Risk
Most IT risk discussions focus narrowly on IT Security, yet modern business processes depend heavily on IT, and risk management is a critical corporate governance concern that extends much further.
IT Security
Security provided by IT systems can be defined as the system's ability to protect the confidentiality and integrity of processed data, and to provide availability of the system and data. Together these are the CIA characteristics.
Security Patterns
Design patterns have significantly influenced security pattern development. OSA combines structured NIST 800-53 control mappings with visual architectural diagrams to create reusable solutions for recurring security design problems.
Security Requirements
Security requirements describe functional and non-functional requirements that must be satisfied to achieve the security properties of an IT system.
Glossary
Key terms used throughout OSA.
Archive
Superseded or legacy foundation pages retained for reference.