CCI|CCI-001095

Title

The information system manages excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of denial of service attacks.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2009

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
3.123 - Auditing Access of Global System Objects must be turned off.	Windows	DISA Windows 7 STIG v1r32
3.123 - Auditing Access of Global System Objects must be turned off.	Windows	DISA Windows Vista STIG v6r41
3.123 - Auditing Access of Global System Objects must be turned off.	Windows	DISA Windows Server 2008 R2 DC STIG v1r34
3.123 - Auditing Access of Global System Objects must be turned off.	Windows	DISA Windows Server 2008 MS STIG v6r46
3.123 - Auditing Access of Global System Objects must be turned off.	Windows	DISA Windows Server 2008 DC STIG v6r47
3.123 - Auditing Access of Global System Objects must be turned off.	Windows	DISA Windows Server 2008 R2 MS STIG v1r33
3.124 - Audit of Backup and Restore Privileges is not turned off.	Windows	DISA Windows Vista STIG v6r41
3.124 - Audit of Backup and Restore Privileges is not turned off.	Windows	DISA Windows Server 2008 DC STIG v6r47
3.124 - Audit of Backup and Restore Privileges is not turned off.	Windows	DISA Windows Server 2008 MS STIG v6r46
3.124 - Audit of backup and restore privileges is not turned off.	Windows	DISA Windows 7 STIG v1r32
3.124 - Audit of Backup and Restore Privileges will be turned off.	Windows	DISA Windows Server 2008 R2 DC STIG v1r34
3.124 - Audit of Backup and Restore Privileges will be turned off.	Windows	DISA Windows Server 2008 R2 MS STIG v1r33
AIX7-00-003096 - AIX must set Stack Execution Disable (SED) system wide mode to all.	Unix	DISA STIG AIX 7.x v2r9
AIX7-00-003096 - AIX must set Stack Execution Disable (SED) system wide mode to all.	Unix	DISA STIG AIX 7.x v2r6
AIX7-00-003096 - AIX must set Stack Execution Disable (SED) system wide mode to all.	Unix	DISA STIG AIX 7.x v2r8
AIX7-00-003096 - AIX must set Stack Execution Disable (SED) system wide mode to all.	Unix	DISA STIG AIX 7.x v2r3
AIX7-00-003096 - AIX must set Stack Execution Disable (SED) system wide mode to all.	Unix	DISA STIG AIX 7.x v2r1
AIX7-00-003096 - AIX must set Stack Execution Disable (SED) system wide mode to all.	Unix	DISA STIG AIX 7.x v2r5
AMLS-L3-000270 - Arista MLS must manage excess bandwidth to limit the effects of packet flooding types of denial of service (DoS) attacks.	Arista	DISA STIG Arista MLS DCS-7000 Series RTR V1R2
AMLS-L3-000270 - The Arista Multilayer Switch must manage excess bandwidth to limit the effects of packet flooding types of denial of service (DoS) attacks - DoS attacks.	Arista	DISA STIG Arista MLS DCS-7000 Series RTR v1r3
ARST-L2-000030 - The Arista MLS layer 2 switch must be configured for Storm Control to limit the effects of packet flooding types of denial-of-service (DoS) attacks.	Arista	DISA STIG Arista MLS EOS 4.2x L2S v1r1
ARST-RT-000290 - The MPLS router with RSVP-TE enabled must be configured with message pacing or refresh reduction to adjust maximum number of RSVP messages to an output queue based on the link speed and input queue size of adjacent core routers.	Arista	DISA STIG Arista MLS EOS 4.2x Router v1r1
ARST-RT-000300 - The PE router must be configured to enforce a Quality-of-Service (QoS) policy to limit the effects of packet flooding denial-of-service (DoS) attacks.	Arista	DISA STIG Arista MLS EOS 4.2x Router v1r1
ARST-RT-000310 - The PE router must be configured to enforce a Quality-of-Service (QoS) policy in accordance with the QoS DODIN Technical Profile.	Arista	DISA STIG Arista MLS EOS 4.2x Router v1r1
ARST-RT-000320 - The PE router must be configured to enforce a Quality-of-Service (QoS) policy in accordance with the QoS GIG Technical Profile.	Arista	DISA STIG Arista MLS EOS 4.2x Router v1r1
Big Sur - Limit Impact of Denial of Service Attacks	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
BIND-9X-001054 - A BIND 9.x server implementation must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of Denial of Service (DoS) attacks - options allow-query	Unix	DISA BIND 9.x STIG v1r9
BIND-9X-001054 - A BIND 9.x server implementation must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of Denial of Service (DoS) attacks - options allow-query	Unix	DISA BIND 9.x STIG v2r2
BIND-9X-001054 - A BIND 9.x server implementation must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of Denial of Service (DoS) attacks - recursion	Unix	DISA BIND 9.x STIG v2r2
BIND-9X-001054 - A BIND 9.x server implementation must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of Denial of Service (DoS) attacks - recursion	Unix	DISA BIND 9.x STIG v1r9
BIND-9X-001054 - A BIND 9.x server implementation must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of Denial of Service (DoS) attacks - zone allow-query	Unix	DISA BIND 9.x STIG v2r2
BIND-9X-001054 - A BIND 9.x server implementation must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of Denial of Service (DoS) attacks - zone allow-query	Unix	DISA BIND 9.x STIG v1r9
BIND-9X-001054 - A BIND 9.x server implementation must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of Denial of Service (DoS) attacks.	Unix	DISA BIND 9.x STIG v2r3
CASA-FW-000150 - The Cisco ASA must be configured to enable threat detection to mitigate risks of denial-of-service (DoS) attacks.	Cisco	DISA STIG Cisco ASA FW v1r3
CASA-FW-000150 - The Cisco ASA must be configured to enable threat detection to mitigate risks of denial-of-service (DoS) attacks.	Cisco	DISA STIG Cisco ASA FW v1r4
CASA-FW-000150 - The Cisco ASA must be configured to enable threat detection to mitigate risks of denial-of-service (DoS) attacks.	Cisco	DISA STIG Cisco ASA FW v1r1
CASA-FW-000150 - The Cisco ASA must be configured to enable threat detection to mitigate risks of denial-of-service (DoS) attacks.	Cisco	DISA STIG Cisco ASA FW v1r2
CISC-L2-000040 - The Cisco switch must manage excess bandwidth to limit the effects of packet flooding types of denial of service (DoS) attacks.	Cisco	DISA STIG Cisco IOS XE Switch L2S v2r3
CISC-L2-000040 - The Cisco switch must manage excess bandwidth to limit the effects of packet flooding types of denial of service (DoS) attacks.	Cisco	DISA STIG Cisco IOS XE Switch L2S v2r5
CISC-L2-000040 - The Cisco switch must manage excess bandwidth to limit the effects of packet flooding types of denial of service (DoS) attacks.	Cisco	DISA STIG Cisco IOS XE Switch L2S v1r1
CISC-L2-000040 - The Cisco switch must manage excess bandwidth to limit the effects of packet flooding types of denial of service (DoS) attacks.	Cisco	DISA STIG Cisco IOS XE Switch L2S v2r2
CISC-L2-000040 - The Cisco switch must manage excess bandwidth to limit the effects of packet flooding types of denial of service (DoS) attacks.	Cisco	DISA STIG Cisco IOS XE Switch L2S v2r1
CISC-L2-000040 - The Cisco switch must manage excess bandwidth to limit the effects of packet flooding types of denial of service (DoS) attacks.	Cisco	DISA STIG Cisco IOS XE Switch L2S v2r4
CISC-L2-000040 - The Cisco switch must manage excess bandwidth to limit the effects of packet-flooding types of denial-of-service (DoS) attacks.	Cisco	DISA STIG Cisco IOS Switch L2S v2r1
CISC-L2-000040 - The Cisco switch must manage excess bandwidth to limit the effects of packet-flooding types of denial-of-service (DoS) attacks.	Cisco	DISA STIG Cisco IOS Switch L2S v2r2
CISC-L2-000040 - The Cisco switch must manage excess bandwidth to limit the effects of packet-flooding types of denial-of-service (DoS) attacks.	Cisco	DISA STIG Cisco IOS Switch L2S v2r3
CISC-L2-000040 - The Cisco switch must manage excess bandwidth to limit the effects of packet-flooding types of denial-of-service (DoS) attacks.	Cisco	DISA STIG Cisco IOS Switch L2S v2r4
CISC-RT-000610 - The MPLS router with RSVP-TE enabled must be configured with message pacing to adjust maximum burst and maximum number of RSVP messages to an output queue based on the link speed and input queue size of adjacent core routers.	Cisco	DISA STIG Cisco IOS Router RTR v1r4
CISC-RT-000610 - The MPLS router with RSVP-TE enabled must be configured with message pacing to adjust maximum burst and maximum number of RSVP messages to an output queue based on the link speed and input queue size of adjacent core routers.	Cisco	DISA STIG Cisco IOS-XR Router RTR v2r4
CISC-RT-000610 - The MPLS router with RSVP-TE enabled must be configured with message pacing to adjust maximum burst and maximum number of RSVP messages to an output queue based on the link speed and input queue size of adjacent core routers.	Cisco	DISA STIG Cisco IOS XE Router RTR v2r2

Detections

Analytics

CCI|CCI-001095

Title

Reference Item Details

Audit Items