Audits
Settings
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Theme
Light
Dark
Auto
Help
Plugins
Overview
Plugins Pipeline
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Release Notes
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Settings
Theme
Light
Dark
Auto
Detections
Plugins
Overview
Plugins Pipeline
Release Notes
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
Analytics
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Audits
References
CCI
CCI-002385
CCI
CCI|CCI-002385
Title
Protect against or limit the effects of organization-defined types of denial of service events.
Reference Item Details
Reference:
CCI - DISA Control Correlation Identifier
Category:
2024
Audit Items
View all Reference Audit Items
Name
Plugin
Audit Name
3.097 - The system is configured for a greater keep-alive time than recommended.
Windows
DISA Windows Vista STIG v6r41
3.101 - The system must be configured to ignore NetBIOS name release requests except from WINS servers.
Windows
DISA Windows Vista STIG v6r41
3.104 - The system is configured to detect and configure default gateway addresses.
Windows
DISA Windows Vista STIG v6r41
5.098 - The system must limit how many times unacknowledged TCP data is retransmitted.
Windows
DISA Windows Vista STIG v6r41
5.239 - Windows Explorer - Heap Termination
Windows
DISA Windows Vista STIG v6r41
AIX7-00-003097 - AIX must protect against or limit the effects of Denial of Service (DoS) attacks by ensuring AIX is implementing rate-limiting measures on impacted network interfaces
Unix
DISA STIG AIX 7.x v2r9
AMLS-L3-000260 - The Arista Multilayer Switch must ensure all Exterior Border Gateway Protocol (eBGP) routers are configured to use Generalized TTL Security Mechanism (GTSM) or are configured to meet RFC3682.
Arista
DISA STIG Arista MLS DCS-7000 Series RTR v1r4
ARST-L2-000030 - The Arista MLS layer 2 switch must be configured for Storm Control to limit the effects of packet flooding types of denial-of-service (DoS) attacks.
Arista
DISA STIG Arista MLS EOS 4.2x L2S v2r1
ARST-L2-000050 - The Arista MLS switch must have Root Guard enabled on all switch ports connecting to access layer switches and hosts.
Arista
DISA STIG Arista MLS EOS 4.2x L2S v2r1
ARST-L2-000060 - The Arista MLS layer 2 switch must have BPDU Guard enabled on all switch ports connecting to access layer switches and hosts.
Arista
DISA STIG Arista MLS EOS 4.2x L2S v2r1
ARST-L2-000070 - The Arista MLS switch must have STP Loop Guard enabled on all nondesignated STP switch ports.
Arista
DISA STIG Arista MLS EOS 4.2x L2S v2r1
ARST-L2-000090 - The Arista MLS layer 2 switch must have DHCP snooping for all user VLANs to validate DHCP messages from untrusted sources.
Arista
DISA STIG Arista MLS EOS 4.2x L2S v2r1
ARST-L2-000100 - The Arista MLS layer 2 switch must have IP Source Guard enabled on all user-facing or untrusted access switch ports.
Arista
DISA STIG Arista MLS EOS 4.2x L2S v2r1
ARST-L2-000110 - The Arista MLS layer 2 switch must have Dynamic Address Resolution Protocol (ARP) Inspection (DAI) enabled on all user VLANs.
Arista
DISA STIG Arista MLS EOS 4.2x L2S v2r1
ARST-RT-000490 - The Arista router must not be configured to have any zero-touch deployment feature enabled when connected to an operational network.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000510 - The Arista router must be configured to have gratuitous ARP disabled on all external interfaces.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000520 - The Arista router must be configured to have IP directed broadcast disabled on all interfaces.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000530 - The Arista router must be configured to have Internet Control Message Protocol (ICMP) unreachable notifications disabled on all external interfaces.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000540 - The Arista router must be configured to have Internet Control Message Protocol (ICMP) mask replies disabled on all external interfaces.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000550 - The Arista router must be configured to have Internet Control Message Protocol (ICMP) redirects disabled on all external interfaces.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000560 - The Arista BGP router must be configured to use the maximum prefixes feature to protect against route table flooding and prefix de-aggregation attacks.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000570 - The Arista BGP router must be configured to limit the prefix size on any inbound route advertisement to /24 or the least significant prefixes issued to the customer.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000600 - The Arista BGP router must be configured to enable the Generalized TTL Security Mechanism (GTSM).
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
AS24-U1-000590 - The Apache web server must be tuned to handle the operational requirements of the hosted application.
Unix
DISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-U1-000590 - The Apache web server must be tuned to handle the operational requirements of the hosted application.
Unix
DISA STIG Apache Server 2.4 Unix Server v3r1
AS24-U1-000820 - The Apache web server must be protected from being stopped by a non-privileged user - apachectl
Unix
DISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-U1-000820 - The Apache web server must be protected from being stopped by a non-privileged user - httpd pid
Unix
DISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-U1-000820 - The Apache web server must be protected from being stopped by a non-privileged user - service
Unix
DISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-U1-000820 - The Apache web server must be protected from being stopped by a non-privileged user.
Unix
DISA STIG Apache Server 2.4 Unix Server v3r1
AS24-W1-000820 - The Apache web server must be protected from being stopped by a non-privileged user.
Windows
DISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000820 - The Apache web server must be protected from being stopped by a non-privileged user.
Windows
DISA STIG Apache Server 2.4 Windows Server v3r1
AS24-W1-000830 - The Apache web server must be tuned to handle the operational requirements of the hosted application.
Windows
DISA STIG Apache Server 2.4 Windows Server v3r1
AS24-W1-000830 - The Apache web server must be tuned to handle the operational requirements of the hosted application.
Windows
DISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W2-000830 - The Apache web server must be tuned to handle the operational requirements of the hosted application.
Windows
DISA STIG Apache Server 2.4 Windows Site v2r1
Big Sur - Protect Against Denial of Service Attacks by Ensuring Rate-Limiting Measures on Network Interfaces
Unix
NIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Protect Against Denial of Service Attacks by Ensuring Rate-Limiting Measures on Network Interfaces
Unix
NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Protect Against Denial of Service Attacks by Ensuring Rate-Limiting Measures on Network Interfaces
Unix
NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Protect Against Denial of Service Attacks by Ensuring Rate-Limiting Measures on Network Interfaces
Unix
NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Protect Against Denial of Service Attacks by Ensuring Rate-Limiting Measures on Network Interfaces
Unix
NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Protect Against Denial of Service Attacks by Ensuring Rate-Limiting Measures on Network Interfaces
Unix
NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Protect Against Denial of Service Attacks by Ensuring Rate-Limiting Measures on Network Interfaces
Unix
NIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Protect Against Denial of Service Attacks by Ensuring Rate-Limiting Measures on Network Interfaces
Unix
NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
CASA-FW-000220 - The Cisco ASA must be configured to implement scanning threat detection.
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-ND-001180 - The Cisco ASA must be configured to protect against known types of denial-of-service (DoS) attacks by enabling the Threat Detection feature - DoS attacks by enabling the Threat Detection feature
Cisco
DISA STIG Cisco ASA NDM v2r1
CISC-L2-000090 - The Cisco switch must have Root Guard enabled on all switch ports connecting to access layer switches and hosts.
Cisco
DISA STIG Cisco NX-OS Switch L2S v3r1
CISC-L2-000090 - The Cisco switch must have Root Guard enabled on all switch ports connecting to access layer switches.
Cisco
DISA STIG Cisco IOS XE Switch L2S v3r1
CISC-L2-000090 - The Cisco switch must have Root Guard enabled on all switch ports connecting to access layer switches.
Cisco
DISA STIG Cisco IOS Switch L2S v3r1
CISC-L2-000100 - The Cisco switch must have BPDU Guard enabled on all user-facing or untrusted access switch ports.
Cisco
DISA STIG Cisco IOS XE Switch L2S v3r1
CISC-L2-000100 - The Cisco switch must have BPDU Guard enabled on all user-facing or untrusted access switch ports.
Cisco
DISA STIG Cisco NX-OS Switch L2S v3r1
CISC-L2-000100 - The Cisco switch must have Bridge Protocol Data Unit (BPDU) Guard enabled on all user-facing or untrusted access switch ports.
Cisco
DISA STIG Cisco IOS Switch L2S v3r1
