800-53|SC-5

Title

DENIAL OF SERVICE PROTECTION

Description

The information system protects against or limits the effects of the following types of denial of service attacks: [Assignment: organization-defined types of denial of service attacks or references to sources for such information] by employing [Assignment: organization-defined security safeguards].

Supplemental

A variety of technologies exist to limit, or in some cases, eliminate the effects of denial of service attacks. For example, boundary protection devices can filter certain types of packets to protect information system components on internal organizational networks from being directly affected by denial of service attacks. Employing increased capacity and bandwidth combined with service redundancy may also reduce the susceptibility to denial of service attacks.

Reference Item Details

Related: SC-6,SC-7

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

Name | Plugin | Audit Name
1.1 Set 'Maximum send size - connector level' to '10240' | Windows | CIS Microsoft Exchange Server 2016 Edge v1.0.0
1.1 Set 'Maximum send size - connector level' to '10240' | Windows | CIS Microsoft Exchange Server 2013 Edge v1.1.0
1.1.37 Ensure that the --request-timeout argument is set as appropriate | Unix | CIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.38 Ensure that the --request-timeout argument is set as appropriate | Unix | CIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.2 Set 'Maximum receive size - organization level' to '10240' | Windows | CIS Microsoft Exchange Server 2013 Hub v1.1.0
1.2 Set 'Maximum receive size - organization level' to '10240' | Windows | CIS Microsoft Exchange Server 2016 Hub v1.0.0
1.2.1.2 Configure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain | Windows | CIS Windows 8 L1 v1.0.0
1.4 SNMP Security - c) SNMP Security Protection Function | ZTE_ROSNG | Tenable ZTE ROSNG
1.7 Set 'Maximum number of recipients - organization level' to '5000' | Windows | CIS Microsoft Exchange Server 2013 Hub v1.1.0
1.7 Set 'Maximum number of recipients - organization level' to '5000' | Windows | CIS Microsoft Exchange Server 2016 Hub v1.0.0
1.9 Ensure 'Maximum receive size: Connector level' is set to '25' | Windows | CIS Microsoft Exchange Server 2019 L1 Edge v1.0.0
1.17 Set 'Maximum send size - organization level' to '10240' | Windows | CIS Microsoft Exchange Server 2013 Hub v1.1.0
1.17 Set 'Maximum send size - organization level' to '10240' | Windows | CIS Microsoft Exchange Server 2016 Hub v1.0.0
1.18 Set 'Maximum receive size - connector level' to '10240' | Windows | CIS Microsoft Exchange Server 2013 Hub v1.1.0
1.18 Set 'Maximum receive size - connector level' to '10240' | Windows | CIS Microsoft Exchange Server 2016 Hub v1.0.0
2.1.5 Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1
2.1.6 Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Unix | CIS Kubernetes 1.8 Benchmark v1.2.0 L1
2.1.6 Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Unix | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
2.1.6 Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Unix | CIS Kubernetes 1.11 Benchmark v1.3.0 L1
2.2.2 Ensure 'Maximum send size: Organization level' is set to '25' | Windows | CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0
2.2.3 Ensure 'Maximum receive size: Organization level' is set to '25' | Windows | CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0
2.2.4 Ensure 'Maximum send size: Connector level' is set to '25' | Windows | CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0
2.2.5 Ensure 'Maximum receive size: Connector level' is set to '25' | Windows | CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0
2.2.11 Ensure 'SEC_PROTOCOL_ERROR_FURTHER_ACTION' Is Set to '(DROP,3)' | OracleDB | CIS Oracle Server 19c DB Unified Auditing v1.2.0
2.2.11 Ensure 'SEC_PROTOCOL_ERROR_FURTHER_ACTION' Is Set to '(DROP,3)' | OracleDB | CIS Oracle Server 19c DB Traditional Auditing v1.2.0
3.1 Ensure a secondary SharePoint site collection administrator has been defined on each site collection. | Windows | CIS Microsoft SharePoint 2016 OS v1.1.0
3.1 Ensure a secondary SharePoint site collection administrator has been defined on each site collection. | Windows | CIS Microsoft SharePoint 2019 OS v1.0.0
3.2.10 Ensure rate limiting measures are set - config | Unix | CIS Amazon Linux 2 STIG v1.0.0 L3
3.2.10 Ensure rate limiting measures are set - sysctl | Unix | CIS Amazon Linux 2 STIG v1.0.0 L3
3.7 Ensure that SharePoint is set to reject or delay network traffic generated above configurable traffic volume thresholds - Max Bandwidth | Windows | CIS Microsoft SharePoint 2019 OS v1.0.0
3.7 Ensure that SharePoint is set to reject or delay network traffic generated above configurable traffic volume thresholds - Max Connections | Windows | CIS Microsoft SharePoint 2019 OS v1.0.0
3.7 Ensure that SharePoint is set to reject or delay network traffic generated above traffic volume thresholds - maxBandwidth | Windows | CIS Microsoft SharePoint 2016 OS v1.1.0
3.7 Ensure that SharePoint is set to reject or delay network traffic generated above traffic volume thresholds - maxConnections | Windows | CIS Microsoft SharePoint 2016 OS v1.1.0
3.13 Disable ICMP Redirect Messages - current ipv4 = off | Unix | CIS Solaris 11.2 L1 v1.1.0
3.13 Disable ICMP Redirect Messages - current ipv6 = off | Unix | CIS Solaris 11.2 L1 v1.1.0
3.13 Disable ICMP Redirect Messages - persistent ipv4 = off | Unix | CIS Solaris 11.2 L1 v1.1.0
3.13 Disable ICMP Redirect Messages - persistent ipv6 = off | Unix | CIS Solaris 11.2 L1 v1.1.0
3.097 - The system is configured for a greater keep-alive time than recommended. | Windows | DISA Windows Vista STIG v6r41
3.101 - The system must be configured to ignore NetBIOS name release requests except from WINS servers. | Windows | DISA Windows Vista STIG v6r41
3.104 - The system is configured to detect and configure default gateway addresses. | Windows | DISA Windows Vista STIG v6r41
3.123 - Auditing Access of Global System Objects must be turned off. | Windows | DISA Windows Vista STIG v6r41
3.124 - Audit of Backup and Restore Privileges is not turned off. | Windows | DISA Windows Vista STIG v6r41
4.11 Ensure 'Dynamic IP Address Restrictions' is enabled | Windows | CIS IIS 8.0 v1.5.1 Level 1
4.11 Ensure 'Dynamic IP Address Restrictions' is enabled - Deny By Conccurent Requests | Windows | CIS IIS 7 L1 v1.8.0
4.11 Ensure 'Dynamic IP Address Restrictions' is enabled - Deny By Request Rate | Windows | CIS IIS 7 L1 v1.8.0
4.11 Ensure 'Dynamic IP Address Restrictions' is enabled - Not Logging Only Mode | Windows | CIS IIS 7 L1 v1.8.0
10.11 Configure maxHttpHeaderSize | Unix | CIS Apache Tomcat 7 L2 v1.1.0
10.11 Configure maxHttpHeaderSize | Unix | CIS Apache Tomcat 7 L2 v1.1.0 Middleware
36 - Configure connectionTimeout | Unix | TNS Best Practice Jetty 9 Linux
37 - Configure maxHttpHeaderSize | Unix | TNS Best Practice Jetty 9 Linux