4.2.9 Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | CIS Kubernetes v1.20 Benchmark v1.0.0 L2 Worker | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
4.20 sqlnet.ora - 'tcp.validnode_checking = YES' | CIS v1.1.0 Oracle 11g OS L2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
18.5.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled: 1 = Minimize simultaneous connections' | CIS Microsoft Windows Server 2016 MS L1 v1.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
18.5.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled: 1 = Minimize simultaneous connections' - is set to Enabled: 1 = Minimize simultaneous connections | CIS Microsoft Windows Server 2016 DC L1 v1.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
ARST-L2-000030 - The Arista MLS layer 2 switch must be configured for Storm Control to limit the effects of packet flooding types of denial-of-service (DoS) attacks. | DISA STIG Arista MLS EOS 4.2x L2S v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
AS24-U1-000590 - The Apache web server must be tuned to handle the operational requirements of the hosted application. | DISA STIG Apache Server 2.4 Unix Server v3r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
AS24-U1-000590 - The Apache web server must be tuned to handle the operational requirements of the hosted application. | DISA STIG Apache Server 2.4 Unix Server v3r1 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
AS24-W2-000830 - The Apache web server must be tuned to handle the operational requirements of the hosted application. | DISA STIG Apache Server 2.4 Windows Site v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
Big Sur - Limit Impact of Denial of Service Attacks | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
Big Sur - Protect Against Denial of Service Attacks by Ensuring Rate-Limiting Measures on Network Interfaces | NIST macOS Big Sur v1.4.0 - 800-53r4 High | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
Big Sur - Protect Against Denial of Service Attacks by Ensuring Rate-Limiting Measures on Network Interfaces | NIST macOS Big Sur v1.4.0 - 800-53r5 High | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
Big Sur - Protect Against Denial of Service Attacks by Ensuring Rate-Limiting Measures on Network Interfaces | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
Big Sur - Protect Against Denial of Service Attacks by Ensuring Rate-Limiting Measures on Network Interfaces | NIST macOS Big Sur v1.4.0 - CNSSI 1253 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
Catalina - Limit Impact of Denial of Service Attacks | NIST macOS Catalina v1.5.0 - All Profiles | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
Catalina - Protect Against Denial of Service Attacks by Ensuring Rate-Limiting Measures on Network Interfaces | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
Catalina - Protect Against Denial of Service Attacks by Ensuring Rate-Limiting Measures on Network Interfaces | NIST macOS Catalina v1.5.0 - 800-53r5 High | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
Catalina - Protect Against Denial of Service Attacks by Ensuring Rate-Limiting Measures on Network Interfaces | NIST macOS Catalina v1.5.0 - 800-53r5 Low | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
Catalina - Protect Against Denial of Service Attacks by Ensuring Rate-Limiting Measures on Network Interfaces | NIST macOS Catalina v1.5.0 - All Profiles | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
Catalina - Protect Against Denial of Service Attacks by Ensuring Rate-Limiting Measures on Network Interfaces | NIST macOS Catalina v1.5.0 - CNSSI 1253 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
GEN003612 - The system must be configured to use TCP syncookies when experiencing a TCP SYN flood. | DISA STIG for Oracle Linux 5 v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
Monterey - Limit Impact of Denial of Service Attacks | NIST macOS Monterey v1.0.0 - All Profiles | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
Monterey - Protect Against Denial of Service Attacks by Ensuring Rate-Limiting Measures on Network Interfaces | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
Monterey - Protect Against Denial of Service Attacks by Ensuring Rate-Limiting Measures on Network Interfaces | NIST macOS Monterey v1.0.0 - CNSSI 1253 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0375 - The device must be configured to protect the network against denial of service attacks such as Ping of Death, TCP SYN floods, etc. | DISA STIG Cisco Firewall v8r24 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0770 - The router must have IP source routing disabled. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0770 - The router must have IP source routing disabled. | DISA STIG Juniper Infrastructure Router V8R27 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0770 - The router must have IP source routing disabled. | DISA STIG Juniper Perimeter Router V8R30 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0770 - The router must have IP source routing disabled. | DISA STIG Juniper Perimeter Router V8R32 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0781 - Gratuitous ARP must be disabled. | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0781 - Gratuitous ARP must be disabled. | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0781 - Gratuitous ARP must be disabled. | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0781 - Gratuitous ARP must be disabled. | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0781 - Gratuitous ARP must be disabled. | DISA STIG Cisco Perimeter Router and L3 Switch v8r31 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0781 - Gratuitous ARP must be disabled. | DISA STIG Cisco Perimeter Router v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0790 - IP directed broadcast is not disabled. | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0790 - IP directed broadcast is not disabled. | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0790 - IP directed broadcast is not disabled. | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0790 - IP directed broadcast is not disabled. | DISA STIG Cisco Perimeter Router and L3 Switch v8r31 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0960 - Routers are not set to intercept TCP SYN attacks - 'access-list TCP_INTERCEPT permit tcp any INTERNAL_NETWORK' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0960 - Routers are not set to intercept TCP SYN attacks - 'access-list TCP_INTERCEPT permit tcp any INTERNAL_NETWORK' | DISA STIG Cisco Perimeter Router and L3 Switch v8r31 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0960 - Routers are not set to intercept TCP SYN attacks - 'ip tcp intercept list TCP_INTERCEPT_ACL' | DISA STIG Cisco Perimeter Router v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0960 - Routers are not set to intercept TCP SYN attacks - 'ip tcp intercept list TCP_INTERCEPT_ACL' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0960 - Routers are not set to intercept TCP SYN attacks - 'ip tcp intercept list TCP_INTERCEPT_ACL' | DISA STIG Cisco Perimeter Router and L3 Switch v8r31 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
OL08-00-040150 - A firewall must be able to protect against or limit the effects of denial-of-service (DoS) attacks by ensuring OL 8 can implement rate-limiting measures on impacted network interfaces. | DISA Oracle Linux 8 STIG v2r1 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
PHTN-30-000036 - The Photon operating system must use Transmission Control Protocol (TCP) syncookies. | DISA STIG VMware vSphere 7.0 Photon OS v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
PHTN-67-000037 - The Photon operating system must use TCP syncookies. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
RHEL-09-253010 - RHEL 9 must be configured to use TCP syncookies. | DISA Red Hat Enterprise Linux 9 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
WG110 IIS7 - Web sites must limit the number of simultaneous requests. | DISA IIS 7.0 Web Site v1r19 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
WG110 W22 - The number of allowed simultaneous requests must be set. | DISA STIG Apache Site 2.2 Windows v1r12 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
WG110 W22 - The number of allowed simultaneous requests must be set. | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |