800-53|SC-5

Title

DENIAL OF SERVICE PROTECTION

Description

The information system protects against or limits the effects of the following types of denial of service attacks: [Assignment: organization-defined types of denial of service attacks or references to sources for such information] by employing [Assignment: organization-defined security safeguards].

Supplemental

A variety of technologies exist to limit, or in some cases, eliminate the effects of denial of service attacks. For example, boundary protection devices can filter certain types of packets to protect information system components on internal organizational networks from being directly affected by denial of service attacks. Employing increased capacity and bandwidth combined with service redundancy may also reduce the susceptibility to denial of service attacks.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: SC-6,SC-7

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1 Set 'Maximum send size - connector level' to '10240'	Windows	CIS Microsoft Exchange Server 2016 Edge v1.0.0
1.1 Set 'Maximum send size - connector level' to '10240'	Windows	CIS Microsoft Exchange Server 2013 Edge v1.1.0
1.1.37 Ensure that the --request-timeout argument is set as appropriate	Unix	CIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.38 Ensure that the --request-timeout argument is set as appropriate	Unix	CIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.38 Ensure that the --request-timeout argument is set as appropriate	Unix	CIS Kubernetes 1.13 Benchmark v1.4.0 L1
1.2 Set 'Maximum receive size - organization level' to '10240'	Windows	CIS Microsoft Exchange Server 2013 Hub v1.1.0
1.2 Set 'Maximum receive size - organization level' to '10240'	Windows	CIS Microsoft Exchange Server 2016 Hub v1.0.0
1.2.1.2 Configure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain	Windows	CIS Windows 8 L1 v1.0.0
1.2.25 Ensure that the --request-timeout argument is set as appropriate	Unix	CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master
1.2.26 Ensure that the --request-timeout argument is set as appropriate	Unix	CIS Kubernetes Benchmark v1.5.1 L1
1.4 SNMP Security - c) SNMP Security Protection Function	ZTE_ROSNG	Tenable ZTE ROSNG
1.4.11 Enable Dynamic IP Address Restrictions - Deny By Conccurent Requests	Windows	CIS IIS 8.0 v1.4.0 Level 1
1.4.11 Enable Dynamic IP Address Restrictions - Deny By Request Rate	Windows	CIS IIS 8.0 v1.4.0 Level 1
1.4.11 Enable Dynamic IP Address Restrictions - Not Logging Only Mode	Windows	CIS IIS 8.0 v1.4.0 Level 1
1.6.1 Configure Login Block - login block-for	Cisco	CIS Cisco IOS 16 L2 v1.1.0
1.6.1 Configure Login Block - login quiet-mode	Cisco	CIS Cisco IOS 16 L2 v1.1.0
1.7 Set 'Maximum number of recipients - organization level' to '5000'	Windows	CIS Microsoft Exchange Server 2013 Hub v1.1.0
1.7 Set 'Maximum number of recipients - organization level' to '5000'	Windows	CIS Microsoft Exchange Server 2016 Hub v1.0.0
1.9 Ensure 'Maximum receive size: Connector level' is set to '25'	Windows	CIS Microsoft Exchange Server 2019 L1 Edge v1.0.0
1.9.29 Interactive logon: Require smart card	Windows	CIS Windows 2008 SSLF v1.2.0
1.12.11 Configure maxHttpHeaderSize	Unix	CIS Apache Tomcat5.5/6.0 L2 v1.0
1.17 Set 'Maximum send size - organization level' to '10240'	Windows	CIS Microsoft Exchange Server 2013 Hub v1.1.0
1.17 Set 'Maximum send size - organization level' to '10240'	Windows	CIS Microsoft Exchange Server 2016 Hub v1.0.0
1.18 Set 'Maximum receive size - connector level' to '10240'	Windows	CIS Microsoft Exchange Server 2013 Hub v1.1.0
1.18 Set 'Maximum receive size - connector level' to '10240'	Windows	CIS Microsoft Exchange Server 2016 Hub v1.0.0
2.1.5 Ensure that the --streaming-connection-idle-timeout argument is not set to 0	Unix	CIS Kubernetes 1.13 Benchmark v1.4.0 L1
2.1.5 Ensure that the --streaming-connection-idle-timeout argument is not set to 0	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L1
2.1.6 Ensure that the --streaming-connection-idle-timeout argument is not set to 0	Unix	CIS Kubernetes 1.8 Benchmark v1.2.0 L1
2.1.6 Ensure that the --streaming-connection-idle-timeout argument is not set to 0	Unix	CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
2.1.6 Ensure that the --streaming-connection-idle-timeout argument is not set to 0	Unix	CIS Kubernetes 1.11 Benchmark v1.3.0 L1
2.2.2 Ensure 'Maximum send size: Organization level' is set to '25'	Windows	CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0
2.2.3 Ensure 'Maximum receive size: Organization level' is set to '25'	Windows	CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0
2.2.4 Ensure 'Maximum send size: Connector level' is set to '25'	Windows	CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0
2.2.5 Ensure 'Maximum receive size: Connector level' is set to '25'	Windows	CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0
3.097 - The system is configured for a greater keep-alive time than recommended.	Windows	DISA Windows Vista STIG v6r41
10.10 Configure maxHttpHeaderSize	Unix	CIS Apache Tomcat 9 L2 v1.0.0 Middleware
10.10 Configure maxHttpHeaderSize	Unix	CIS Apache Tomcat 9 L2 v1.0.0
10.11 Configure maxHttpHeaderSize	Unix	CIS Apache Tomcat 7 L2 v1.1.0
10.11 Configure maxHttpHeaderSize	Unix	CIS Apache Tomcat 7 L2 v1.1.0 Middleware
10.11 Configure maxHttpHeaderSize	Unix	CIS Apache Tomcat 8 L2 v1.0.1
18.5.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled: 1 = Minimize simultaneous connections'	Windows	CIS Windows Server 2012 R2 MS L1 v2.5.0
18.5.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled: 1 = Minimize simultaneous connections'	Windows	CIS Windows Server 2012 R2 MS L1 v2.4.0
18.5.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled: 1 = Minimize simultaneous connections'	Windows	CIS Microsoft Windows Server 2016 MS L1 v1.2.0
18.5.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled: 1 = Minimize simultaneous connections' - is set to Enabled: 1 = Minimize simultaneous connections	Windows	CIS Microsoft Windows Server 2016 DC L1 v1.2.0
18.5.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled: 1 = Minimize simultaneous connections' - Enabled	Windows	CIS Windows Server 2012 R2 DC L1 v2.5.0
18.5.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled'	Windows	CIS Windows Server 2012 R2 DC L1 v2.4.0
18.5.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 L1 Bitlocker v2.3.0
18.5.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled'	Windows	CIS Windows Server 2012 MS L1 v2.1.0
18.5.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 L1 v2.3.0
18.5.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled'	Windows	CIS Windows Server 2012 DC L1 v2.1.0

Detections

Analytics