Server Module
Server module depicting standard security controls. Module used in other OSA security architecture patterns.
Release: 08.02 Authors: Russell Updated: 2025-07-04
Click on controls in the diagram to view details. Download SVG
When to Use
This pattern module is referenced throughout OSA.
When NOT to Use
None.
Threat Resistance
TBD. List of the threats that the pattern can resist.
Mapped Controls (90)
AC: 8AT: 2AU: 9CA: 4CM: 7CP: 5IA: 3IR: 6MA: 5MP: 1PE: 12RA: 4SA: 6SC: 10SI: 8
- AC-03 Access enforcement
- AC-05 Separation Of Duties
- AC-06 Least privilege
- AC-07 Unsuccessful login attempts
- AC-08 System use notification
- AC-09 Previous Logon Notification
- AC-10 Concurrent Session Control
- AC-12 Session Termination
- AT-03 Security Training
- AT-04 Security Training Records
- AU-02 Auditable Events
- AU-03 Content Of Audit Records
- AU-04 Audit Storage Capacity
- AU-05 Response To Audit Processing Failures
- AU-06 Audit Monitoring, Analysis, And Reporting
- AU-08 Time Stamps
- AU-09 Protection Of Audit Information
- AU-10 Non-Repudiation
- AU-11 Audit Record Retention
- CA-02 Security Assessments
- CA-04 Security Certification
- CA-06 Security Accreditation
- CA-07 Continuous Monitoring
- CM-02 Baseline Configuration
- CM-03 Configuration Change Control
- CM-04 Monitoring Configuration Changes
- CM-05 Access Restrictions For Change
- CM-06 Configuration Settings
- CM-07 Least Functionality
- CM-08 Information System Component Inventory
- CP-03 Contingency Training
- CP-04 Contingency Plan Testing And Exercises
- CP-05 Contingency Plan Update
- CP-09 Information System Backup
- CP-10 Information System Recovery And Reconstitution
- IA-02 User Identification And Authentication
- IA-06 Authenticator Feedback
- IA-07 Cryptographic Module Authentication
- IR-02 Incident Response Training
- IR-03 Incident Response Testing And Exercises
- IR-04 Incident Handling
- IR-05 Incident Monitoring
- IR-06 Incident Reporting
- IR-07 Incident Response Assistance
- MA-02 Controlled Maintenance
- MA-03 Maintenance Tools
- MA-04 Remote Maintenance
- MA-05 Maintenance Personnel
- MA-06 Timely Maintenance
- MP-02 Media Access
- PE-02 Physical Access Authorizations
- PE-03 Physical Access Control
- PE-05 Access Control For Display Medium
- PE-06 Monitoring Physical Access
- PE-09 Power Equipment And Power Cabling
- PE-10 Emergency Shutoff
- PE-11 Emergency Power
- PE-12 Emergency Lighting
- PE-13 Fire Protection
- PE-14 Temperature And Humidity Controls
- PE-15 Water Damage Protection
- PE-16 Delivery And Removal
- RA-02 Security Categorization
- RA-03 Risk Assessment
- RA-04 Risk Assessment Update
- RA-05 Vulnerability Scanning
- SA-02 Allocation Of Resources
- SA-03 Life Cycle Support
- SA-04 Acquisitions
- SA-05 Information System Documentation
- SA-06 Software Usage Restrictions
- SA-08 Security Engineering Principles
- SC-02 Application Partitioning
- SC-03 Security Function Isolation
- SC-04 Information Remnance
- SC-05 Denial Of Service Protection
- SC-06 Resource Priority
- SC-10 Network Disconnect
- SC-12 Cryptographic Key Establishment And Management
- SC-13 Use Of Cryptography
- SC-14 Public Access Protections
- SC-18 Mobile Code
- SI-02 Flaw Remediation
- SI-03 Malicious Code Protection
- SI-04 Information System Monitoring Tools And Techniques
- SI-05 Security Alerts And Advisories
- SI-06 Security Functionality Verification
- SI-07 Software And Information Integrity
- SI-10 Information Accuracy, Completeness, Validity, And Authenticity
- SI-11 Error Handling