Monterey - Limit Impact of Denial of Service Attacks

Information

The macOS should be configured to limit the impact of Denial of Service (DoS) attacks.

DoS attacks leave authorized users unable to access information systems, devices, or other network resources due to the actions of a malicious cyber threat actor. When this occurs, the organization must operate at degraded capacity; often resulting in an inability to accomplish its mission.

To limit the impact of DoS attacks, organizations may choose to employ increased capacity and service redundancy, which has the potential to reduce systems' susceptibility to some DoS attacks. Managing excess capacity may include, for example, establishing selected usage priorities, quotas, or partitioning. Many operating systems can be integrated with enterprise-level firewalls and networking equipment that meet or exceed this requirement.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

This requirement is a permanent finding and cannot be fixed. An appropriate mitigation for the system must be implemented, but this finding cannot be considered fixed.

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-5(2), CCE|CCE-90942-4, CCI|CCI-001095

Plugin: Unix

Control ID: 3696530c46cd20b3e99ee8178659a5773b107b6e4dcf7b9c7c8cc4b1ec5e0a80