Detections
Analytics

800-53|SC-5

Title

DENIAL OF SERVICE PROTECTION

Description

The information system protects against or limits the effects of the following types of denial of service attacks: [Assignment: organization-defined types of denial of service attacks or references to sources for such information] by employing [Assignment: organization-defined security safeguards].

Supplemental

A variety of technologies exist to limit, or in some cases, eliminate the effects of denial of service attacks. For example, boundary protection devices can filter certain types of packets to protect information system components on internal organizational networks from being directly affected by denial of service attacks. Employing increased capacity and bandwidth combined with service redundancy may also reduce the susceptibility to denial of service attacks.

Reference Item Details

Related: SC-6,SC-7

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1 Set 'Maximum send size - connector level' to '10240'WindowsCIS Microsoft Exchange Server 2016 Edge v1.0.0
1.1 Set 'Maximum send size - connector level' to '10240'WindowsCIS Microsoft Exchange Server 2013 Edge v1.1.0
1.1.37 Ensure that the --request-timeout argument is set as appropriateUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.38 Ensure that the --request-timeout argument is set as appropriateUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.2 Set 'Maximum receive size - organization level' to '10240'WindowsCIS Microsoft Exchange Server 2013 Hub v1.1.0
1.2 Set 'Maximum receive size - organization level' to '10240'WindowsCIS Microsoft Exchange Server 2016 Hub v1.0.0
1.2.1.2 Configure 'Minimize the number of simultaneous connections to the Internet or a Windows DomainWindowsCIS Windows 8 L1 v1.0.0
1.4 SNMP Security - c) SNMP Security Protection FunctionZTE_ROSNGTenable ZTE ROSNG
1.7 Set 'Maximum number of recipients - organization level' to '5000'WindowsCIS Microsoft Exchange Server 2013 Hub v1.1.0
1.7 Set 'Maximum number of recipients - organization level' to '5000'WindowsCIS Microsoft Exchange Server 2016 Hub v1.0.0
1.9 Ensure 'Maximum receive size: Connector level' is set to '25'WindowsCIS Microsoft Exchange Server 2019 L1 Edge v1.0.0
1.17 Set 'Maximum send size - organization level' to '10240'WindowsCIS Microsoft Exchange Server 2013 Hub v1.1.0
1.17 Set 'Maximum send size - organization level' to '10240'WindowsCIS Microsoft Exchange Server 2016 Hub v1.0.0
1.18 Set 'Maximum receive size - connector level' to '10240'WindowsCIS Microsoft Exchange Server 2013 Hub v1.1.0
1.18 Set 'Maximum receive size - connector level' to '10240'WindowsCIS Microsoft Exchange Server 2016 Hub v1.0.0
1.49 UBTU-22-251025UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.54 UBTU-22-253010UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.110 UBTU-24-600190UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.111 UBTU-24-600200UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.112 WN10-CC-000055WindowsCIS Microsoft Windows 10 STIG v1.0.0 CAT II
1.165 RHEL-09-251030UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.182 RHEL-09-253010UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.328 OL08-00-040150UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
2.1.5 Ensure that the --streaming-connection-idle-timeout argument is not set to 0UnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
2.1.6 Ensure that the --streaming-connection-idle-timeout argument is not set to 0UnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
2.1.6 Ensure that the --streaming-connection-idle-timeout argument is not set to 0UnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
2.1.6 Ensure that the --streaming-connection-idle-timeout argument is not set to 0UnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
2.2.2 Ensure 'Maximum send size: Organization level' is set to '25'WindowsCIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0
2.2.3 Ensure 'Maximum receive size: Organization level' is set to '25'WindowsCIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0
2.2.4 Ensure 'Maximum send size: Connector level' is set to '25'WindowsCIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0
2.2.5 Ensure 'Maximum receive size: Connector level' is set to '25'WindowsCIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0
2.2.11 Ensure 'SEC_PROTOCOL_ERROR_FURTHER_ACTION' Is Set to '(DROP,3)'OracleDBCIS Oracle Server 19c DB Unified Auditing v1.2.0
2.2.11 Ensure 'SEC_PROTOCOL_ERROR_FURTHER_ACTION' Is Set to '(DROP,3)'OracleDBCIS Oracle Server 19c DB Traditional Auditing v1.2.0
3.1 Ensure a secondary SharePoint site collection administrator has been defined on each site collection.WindowsCIS Microsoft SharePoint 2016 OS v1.1.0
3.1 Ensure a secondary SharePoint site collection administrator has been defined on each site collection.WindowsCIS Microsoft SharePoint 2019 OS v1.0.0
3.7 Ensure that SharePoint is set to reject or delay network traffic generated above configurable traffic volume thresholds - Max BandwidthWindowsCIS Microsoft SharePoint 2019 OS v1.0.0
3.7 Ensure that SharePoint is set to reject or delay network traffic generated above configurable traffic volume thresholds - Max ConnectionsWindowsCIS Microsoft SharePoint 2019 OS v1.0.0
3.7 Ensure that SharePoint is set to reject or delay network traffic generated above traffic volume thresholds - maxBandwidthWindowsCIS Microsoft SharePoint 2016 OS v1.1.0
3.7 Ensure that SharePoint is set to reject or delay network traffic generated above traffic volume thresholds - maxConnectionsWindowsCIS Microsoft SharePoint 2016 OS v1.1.0
3.13 Disable ICMP Redirect Messages - current ipv4 = offUnixCIS Solaris 11.2 L1 v1.1.0
3.13 Disable ICMP Redirect Messages - current ipv6 = offUnixCIS Solaris 11.2 L1 v1.1.0
3.13 Disable ICMP Redirect Messages - persistent ipv4 = offUnixCIS Solaris 11.2 L1 v1.1.0
3.13 Disable ICMP Redirect Messages - persistent ipv6 = offUnixCIS Solaris 11.2 L1 v1.1.0
3.097 - The system is configured for a greater keep-alive time than recommended.WindowsDISA Windows Vista STIG v6r41
3.101 - The system must be configured to ignore NetBIOS name release requests except from WINS servers.WindowsDISA Windows Vista STIG v6r41
3.104 - The system is configured to detect and configure default gateway addresses.WindowsDISA Windows Vista STIG v6r41
3.123 - Auditing Access of Global System Objects must be turned off.WindowsDISA Windows Vista STIG v6r41
3.124 - Audit of Backup and Restore Privileges is not turned off.WindowsDISA Windows Vista STIG v6r41
10.11 Configure maxHttpHeaderSizeUnixCIS Apache Tomcat 7 L2 v1.1.0
10.11 Configure maxHttpHeaderSizeUnixCIS Apache Tomcat 7 L2 v1.1.0 Middleware