Client Module
Client module depicting standard security controls. Used in other OSA security architecture patterns.
Release: 08.02 Authors: Russell Updated: 2025-07-04
Click on controls in the diagram to view details. Download SVG
When to Use
This pattern module is referenced throughout OSA.
Threat Resistance
TBD.
Mapped Controls (80)
AC: 8AT: 3AU: 8CA: 4CM: 7CP: 5IA: 3IR: 6MA: 5MP: 1PL: 1PS: 1RA: 4SA: 7SC: 10SI: 7
- AC-03 Access enforcement
- AC-05 Separation Of Duties
- AC-06 Least privilege
- AC-07 Unsuccessful login attempts
- AC-08 System use notification
- AC-11 Session Lock
- AC-12 Session Termination
- AC-19 Session Termination
- AT-02 Security Awareness
- AT-03 Security Training
- AT-04 Security Training Records
- AU-02 Auditable Events
- AU-03 Content Of Audit Records
- AU-04 Audit Storage Capacity
- AU-05 Response To Audit Processing Failures
- AU-08 Time Stamps
- AU-09 Protection Of Audit Information
- AU-10 Non-Repudiation
- AU-11 Audit Record Retention
- CA-02 Security Assessments
- CA-04 Security Certification
- CA-06 Security Accreditation
- CA-07 Continuous Monitoring
- CM-02 Baseline Configuration
- CM-03 Configuration Change Control
- CM-04 Monitoring Configuration Changes
- CM-05 Access Restrictions For Change
- CM-06 Configuration Settings
- CM-07 Least Functionality
- CM-08 Information System Component Inventory
- CP-03 Contingency Training
- CP-04 Contingency Plan Testing And Exercises
- CP-05 Contingency Plan Update
- CP-09 Information System Backup
- CP-10 Information System Recovery And Reconstitution
- IA-02 User Identification And Authentication
- IA-06 Authenticator Feedback
- IA-07 Cryptographic Module Authentication
- IR-02 Incident Response Training
- IR-03 Incident Response Testing And Exercises
- IR-04 Incident Handling
- IR-05 Incident Monitoring
- IR-06 Incident Reporting
- IR-07 Incident Response Assistance
- MA-02 Controlled Maintenance
- MA-03 Maintenance Tools
- MA-04 Remote Maintenance
- MA-05 Maintenance Personnel
- MA-06 Timely Maintenance
- MP-02 Media Access
- PL-04 Rules Of Behavior
- PS-06 Access Agreements
- RA-02 Security Categorization
- RA-03 Risk Assessment
- RA-04 Risk Assessment Update
- RA-05 Vulnerability Scanning
- SA-02 Allocation Of Resources
- SA-03 Life Cycle Support
- SA-04 Acquisitions
- SA-05 Information System Documentation
- SA-06 Software Usage Restrictions
- SA-07 User Installed Software
- SA-08 Security Engineering Principles
- SC-03 Security Function Isolation
- SC-04 Information Remnance
- SC-05 Denial Of Service Protection
- SC-06 Resource Priority
- SC-11 Trusted Path
- SC-12 Cryptographic Key Establishment And Management
- SC-13 Use Of Cryptography
- SC-14 Public Access Protections
- SC-15 Collaborative Computing
- SC-18 Mobile Code
- SI-02 Flaw Remediation
- SI-03 Malicious Code Protection
- SI-04 Information System Monitoring Tools And Techniques
- SI-05 Security Alerts And Advisories
- SI-06 Security Functionality Verification
- SI-07 Software And Information Integrity
- SI-11 Error Handling