800-53|SC-5(2)

Title

EXCESS CAPACITY / BANDWIDTH / REDUNDANCY

Description

The information system manages excess capacity, bandwidth, or other redundancy to limit the effects of information flooding denial of service attacks.

Supplemental

Managing excess capacity ensures that sufficient capacity is available to counter flooding attacks. Managing excess capacity may include, for example, establishing selected usage priorities, quotas, or partitioning.

Reference Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Parent Title: DENIAL OF SERVICE PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Audit Items


Name | Plugin | Audit Name
1.2.1.2 Configure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain | Windows | CIS Windows 8 L1 v1.0.0
3.2 Logs not on system partition - '@SYSCONFDIR@/my.cnf log-bin = /var or /var/log' | Unix | CIS MySQL 4.1/5.1 OS L1 v1.0.2
3.2 Logs not on system partition - '/etc/my.cnf log-bin = /var or /var/log' | Unix | CIS MySQL 4.1/5.1 OS L1 v1.0.2
3.2 Logs not on system partition - '/etc/mysql/my.cnf log-bin = /var or /var/log' | Unix | CIS MySQL 4.1/5.1 OS L1 v1.0.2
3.2 Logs not on system partition 'log file not on System partition' - @MYSQL_INSTALL@\my.cnf | Windows | CIS MySQL 4.1 5.1 OS L1 v1.0.2
3.2 Logs not on system partition 'log file not on System partition' - @MYSQL_INSTALL@\my.ini | Windows | CIS MySQL 4.1 5.1 OS L1 v1.0.2
3.2 Logs not on system partition 'log file not on System partition' - %WINDIR%\my.cnf | Windows | CIS MySQL 4.1 5.1 OS L1 v1.0.2
3.2 Logs not on system partition 'log file not on System partition' - %WINDIR%\my.ini | Windows | CIS MySQL 4.1 5.1 OS L1 v1.0.2
3.2 Logs not on system partition 'log file not on System partition' - C:\my.cnf | Windows | CIS MySQL 4.1 5.1 OS L1 v1.0.2
3.2 Logs not on system partition 'log file not on System partition' - C:\my.ini | Windows | CIS MySQL 4.1 5.1 OS L1 v1.0.2
3.3 Logs not on database partition - log file location - @SYSCONFDIR@/my.cnf | Unix | CIS MySQL 4.1/5.1 OS L1 v1.0.2
3.3 Logs not on database partition - log file location - /etc/mysql/my.cnf | Unix | CIS MySQL 4.1/5.1 OS L1 v1.0.2
3.3 Logs not on database partition 'log file not on Data partition' - @MYSQL_INSTALL@\my.cnf | Windows | CIS MySQL 4.1 5.1 OS L1 v1.0.2
3.3 Logs not on database partition 'log file not on Data partition' - @MYSQL_INSTALL@\my.ini | Windows | CIS MySQL 4.1 5.1 OS L1 v1.0.2
3.3 Logs not on database partition 'log file not on Data partition' - %WINDIR%\my.cnf | Windows | CIS MySQL 4.1 5.1 OS L1 v1.0.2
3.3 Logs not on database partition 'log file not on Data partition' - %WINDIR%\my.ini | Windows | CIS MySQL 4.1 5.1 OS L1 v1.0.2
3.3 Logs not on database partition 'log file not on Data partition' - C:\my.cnf | Windows | CIS MySQL 4.1 5.1 OS L1 v1.0.2
3.3 Logs not on database partition 'log file not on Data partition' - C:\my.ini | Windows | CIS MySQL 4.1 5.1 OS L1 v1.0.2
3.123 - Auditing Access of Global System Objects must be turned off. | Windows | DISA Windows Vista STIG v6r41
3.124 - Audit of Backup and Restore Privileges is not turned off. | Windows | DISA Windows Vista STIG v6r41
5.2 SnapMirror - 'replication.throttle.enable = on' | NetApp | TNS NetApp Data ONTAP 7G
5.2 SnapMirror - 'replication.throttle.incoming.max_kbs has been configured' | NetApp | TNS NetApp Data ONTAP 7G
5.2 SnapMirror - 'replication.throttle.outgoing.max_kbs has been configured' | NetApp | TNS NetApp Data ONTAP 7G
18.5.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled: 1 = Minimize simultaneous connections' | Windows | CIS Windows Server 2012 R2 MS L1 v2.5.0
18.5.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled: 1 = Minimize simultaneous connections' | Windows | CIS Windows Server 2012 R2 MS L1 v2.4.0
18.5.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled: 1 = Minimize simultaneous connections' | Windows | CIS Microsoft Windows Server 2016 MS L1 v1.2.0
18.5.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled: 1 = Minimize simultaneous connections' - is set to Enabled: 1 = Minimize simultaneous connections | Windows | CIS Microsoft Windows Server 2016 DC L1 v1.2.0
18.5.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled: 1 = Minimize simultaneous connections' - Enabled | Windows | CIS Windows Server 2012 R2 DC L1 v2.5.0
18.5.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled' | Windows | CIS Windows Server 2012 R2 DC L1 v2.4.0
18.5.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled' | Windows | CIS Windows Server 2012 MS L1 v2.1.0
18.5.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled' | Windows | CIS Microsoft Windows 8.1 L1 Bitlocker v2.3.0
18.5.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled' | Windows | CIS Microsoft Windows 8.1 L1 v2.3.0
18.5.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled' | Windows | CIS Windows Server 2012 DC L1 v2.1.0
AIX7-00-003096 - AIX must set Stack Execution Disable (SED) system wide mode to all. | Unix | DISA STIG AIX 7.x v2r9
AIX7-00-003096 - AIX must set Stack Execution Disable (SED) system wide mode to all. | Unix | DISA STIG AIX 7.x v2r3
AIX7-00-003096 - AIX must set Stack Execution Disable (SED) system wide mode to all. | Unix | DISA STIG AIX 7.x v2r1
AMLS-L3-000270 - The Arista Multilayer Switch must manage excess bandwidth to limit the effects of packet flooding types of denial of service (DoS) attacks - DoS attacks. | Arista | DISA STIG Arista MLS DCS-7000 Series RTR v1r3
ARST-L2-000030 - The Arista MLS layer 2 switch must be configured for Storm Control to limit the effects of packet flooding types of denial-of-service (DoS) attacks. | Arista | DISA STIG Arista MLS EOS 4.2x L2S v1r1
ARST-RT-000290 - The MPLS router with RSVP-TE enabled must be configured with message pacing or refresh reduction to adjust maximum number of RSVP messages to an output queue based on the link speed and input queue size of adjacent core routers. | Arista | DISA STIG Arista MLS EOS 4.2x Router v1r1
ARST-RT-000300 - The PE router must be configured to enforce a Quality-of-Service (QoS) policy to limit the effects of packet flooding denial-of-service (DoS) attacks. | Arista | DISA STIG Arista MLS EOS 4.2x Router v1r1
ARST-RT-000310 - The PE router must be configured to enforce a Quality-of-Service (QoS) policy in accordance with the QoS DODIN Technical Profile. | Arista | DISA STIG Arista MLS EOS 4.2x Router v1r1
ARST-RT-000320 - The PE router must be configured to enforce a Quality-of-Service (QoS) policy in accordance with the QoS GIG Technical Profile. | Arista | DISA STIG Arista MLS EOS 4.2x Router v1r1
BIND-9X-001050 - The BIND 9.x secondary name server must limit the number of zones requested from a single master name server. | Unix | DISA BIND 9.x STIG v1r9
BIND-9X-001050 - The BIND 9.x secondary name server must limit the number of zones requested from a single master name server. | Unix | DISA BIND 9.x STIG v2r2
BIND-9X-001051 - The BIND 9.x secondary name server must limit the total number of zones the name server can request at any one time. | Unix | DISA BIND 9.x STIG v1r9
BIND-9X-001051 - The BIND 9.x secondary name server must limit the total number of zones the name server can request at any one time. | Unix | DISA BIND 9.x STIG v2r2
BIND-9X-001052 - The BIND 9.x server implementation must limit the number of concurrent session client connections to the number of allowed dynamic update clients. | Unix | DISA BIND 9.x STIG v2r2
BIND-9X-001052 - The BIND 9.x server implementation must limit the number of concurrent session client connections to the number of allowed dynamic update clients. | Unix | DISA BIND 9.x STIG v1r9
BIND-9X-001054 - A BIND 9.x server implementation must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of Denial of Service (DoS) attacks - options allow-query | Unix | DISA BIND 9.x STIG v1r9
BIND-9X-001054 - A BIND 9.x server implementation must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of Denial of Service (DoS) attacks - options allow-query | Unix | DISA BIND 9.x STIG v2r2