800-53|SC-5

Title

DENIAL OF SERVICE PROTECTION

Description

The information system protects against or limits the effects of the following types of denial of service attacks: [Assignment: organization-defined types of denial of service attacks or references to sources for such information] by employing [Assignment: organization-defined security safeguards].

Supplemental

A variety of technologies exist to limit, or in some cases, eliminate the effects of denial of service attacks. For example, boundary protection devices can filter certain types of packets to protect information system components on internal organizational networks from being directly affected by denial of service attacks. Employing increased capacity and bandwidth combined with service redundancy may also reduce the susceptibility to denial of service attacks.

Reference Item Details

Related: SC-6,SC-7

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1 Set 'Maximum send size - connector level' to '10240'WindowsCIS Microsoft Exchange Server 2016 Edge v1.0.0
1.1 Set 'Maximum send size - connector level' to '10240'WindowsCIS Microsoft Exchange Server 2013 Edge v1.1.0
1.1.37 Ensure that the --request-timeout argument is set as appropriateUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.38 Ensure that the --request-timeout argument is set as appropriateUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.2 Set 'Maximum receive size - organization level' to '10240'WindowsCIS Microsoft Exchange Server 2016 Hub v1.0.0
1.2 Set 'Maximum receive size - organization level' to '10240'WindowsCIS Microsoft Exchange Server 2013 Hub v1.1.0
1.4 SNMP Security - c) SNMP Security Protection FunctionZTE_ROSNGTenable ZTE ROSNG
1.6.1 Configure Login Block - login block-forCiscoCIS Cisco IOS 16 L2 v1.1.2
1.6.1 Configure Login Block - login delayCiscoCIS Cisco IOS 16 L2 v1.1.2
1.6.1 Configure Login Block - login quiet-modeCiscoCIS Cisco IOS 16 L2 v1.1.2
1.7 Set 'Maximum number of recipients - organization level' to '5000'WindowsCIS Microsoft Exchange Server 2016 Hub v1.0.0
1.7 Set 'Maximum number of recipients - organization level' to '5000'WindowsCIS Microsoft Exchange Server 2013 Hub v1.1.0
1.17 Set 'Maximum send size - organization level' to '10240'WindowsCIS Microsoft Exchange Server 2016 Hub v1.0.0
1.17 Set 'Maximum send size - organization level' to '10240'WindowsCIS Microsoft Exchange Server 2013 Hub v1.1.0
1.18 Set 'Maximum receive size - connector level' to '10240'WindowsCIS Microsoft Exchange Server 2016 Hub v1.0.0
1.18 Set 'Maximum receive size - connector level' to '10240'WindowsCIS Microsoft Exchange Server 2013 Hub v1.1.0
2.1.5 Ensure that the --streaming-connection-idle-timeout argument is not set to 0UnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
2.1.6 Ensure that the --streaming-connection-idle-timeout argument is not set to 0UnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
2.1.6 Ensure that the --streaming-connection-idle-timeout argument is not set to 0UnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
2.1.6 Ensure that the --streaming-connection-idle-timeout argument is not set to 0UnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
3.1 Ensure a secondary SharePoint site collection administrator has been defined on each site collection.WindowsCIS Microsoft SharePoint 2016 OS v1.1.0
3.1 Ensure a secondary SharePoint site collection administrator has been defined on each site collection.WindowsCIS Microsoft SharePoint 2019 OS v1.0.0
3.2.10 Ensure rate limiting measures are set - configUnixCIS Amazon Linux 2 STIG v1.0.0 L3
3.2.10 Ensure rate limiting measures are set - sysctlUnixCIS Amazon Linux 2 STIG v1.0.0 L3
3.7 Ensure that SharePoint is set to reject or delay network traffic generated above configurable traffic volume thresholds - Max BandwidthWindowsCIS Microsoft SharePoint 2019 OS v1.0.0
3.7 Ensure that SharePoint is set to reject or delay network traffic generated above configurable traffic volume thresholds - Max ConnectionsWindowsCIS Microsoft SharePoint 2019 OS v1.0.0
3.7 Ensure that SharePoint is set to reject or delay network traffic generated above traffic volume thresholds - maxBandwidthWindowsCIS Microsoft SharePoint 2016 OS v1.1.0
3.7 Ensure that SharePoint is set to reject or delay network traffic generated above traffic volume thresholds - maxConnectionsWindowsCIS Microsoft SharePoint 2016 OS v1.1.0
3.13 Disable ICMP Redirect Messages - current ipv4 = offUnixCIS Solaris 11.2 L1 v1.1.0
3.13 Disable ICMP Redirect Messages - current ipv6 = offUnixCIS Solaris 11.2 L1 v1.1.0
3.13 Disable ICMP Redirect Messages - persistent ipv4 = offUnixCIS Solaris 11.2 L1 v1.1.0
3.13 Disable ICMP Redirect Messages - persistent ipv6 = offUnixCIS Solaris 11.2 L1 v1.1.0
3.097 - The system is configured for a greater keep-alive time than recommended.WindowsDISA Windows Vista STIG v6r41
3.101 - The system must be configured to ignore NetBIOS name release requests except from WINS servers.WindowsDISA Windows Vista STIG v6r41
3.104 - The system is configured to detect and configure default gateway addresses.WindowsDISA Windows Vista STIG v6r41
3.123 - Auditing Access of Global System Objects must be turned off.WindowsDISA Windows Vista STIG v6r41
3.124 - Audit of Backup and Restore Privileges is not turned off.WindowsDISA Windows Vista STIG v6r41
4.2.5 Ensure that the --streaming-connection-idle-timeout argument is not set to 0UnixCIS Kubernetes Benchmark v1.6.1 L1 Worker
4.11 Ensure 'Dynamic IP Address Restrictions' is enabled - Deny By Conccurent RequestsWindowsCIS IIS 7 L1 v1.8.0
4.11 Ensure 'Dynamic IP Address Restrictions' is enabled - Deny By Conccurent RequestsWindowsCIS IIS 8.0 v1.5.0 Level 1
4.11 Ensure 'Dynamic IP Address Restrictions' is enabled - Deny By Request RateWindowsCIS IIS 7 L1 v1.8.0
4.11 Ensure 'Dynamic IP Address Restrictions' is enabled - Deny By Request RateWindowsCIS IIS 8.0 v1.5.0 Level 1
4.11 Ensure 'Dynamic IP Address Restrictions' is enabled - Not Logging Only ModeWindowsCIS IIS 7 L1 v1.8.0
4.11 Ensure 'Dynamic IP Address Restrictions' is enabled - Not Logging Only ModeWindowsCIS IIS 8.0 v1.5.0 Level 1
4.19 listener.ora - 'inbound_connect_timeout_listener = 2'UnixCIS v1.1.0 Oracle 11g OS L2
4.19 listener.ora - 'inbound_connect_timeout_listener = 2'WindowsCIS v1.1.0 Oracle 11g OS Windows Level 2
10.11 Configure maxHttpHeaderSizeUnixCIS Apache Tomcat 7 L2 v1.1.0
10.11 Configure maxHttpHeaderSizeUnixCIS Apache Tomcat 7 L2 v1.1.0 Middleware
36 - Configure connectionTimeoutUnixTNS Best Practice Jetty 9 Linux
37 - Configure maxHttpHeaderSizeUnixTNS Best Practice Jetty 9 Linux