Audits
Settings
Links
Tenable.io
Tenable Community & Support
Tenable University
Theme
Light
Dark
Auto
Help
Links
Tenable.io
Tenable Community & Support
Tenable University
Settings
Theme
Light
Dark
Auto
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Audits
References
CCI
CCI-001095
CCI
CCI|CCI-001095
Title
The information system manages excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of denial of service attacks.
Reference Item Details
Reference:
CCI - DISA Control Correlation Identifier
Category:
2009
Audit Items
View all Reference Audit Items
Name
Plugin
Audit Name
3.123 - Auditing Access of Global System Objects must be turned off.
Windows
DISA Windows Vista STIG v6r41
3.124 - Audit of Backup and Restore Privileges is not turned off.
Windows
DISA Windows Vista STIG v6r41
AIX7-00-003096 - AIX must set Stack Execution Disable (SED) system wide mode to all.
Unix
DISA STIG AIX 7.x v2r5
AMLS-L3-000270 - The Arista Multilayer Switch must manage excess bandwidth to limit the effects of packet flooding types of denial of service (DoS) attacks - DoS attacks.
Arista
DISA STIG Arista MLS DCS-7000 Series RTR v1r3
Big Sur - Limit Impact of Denial of Service Attacks
Unix
NIST macOS Big Sur v1.4.0 - All Profiles
BIND-9X-001054 - A BIND 9.x server implementation must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of Denial of Service (DoS) attacks - options allow-query
Unix
DISA BIND 9.x STIG v2r2
BIND-9X-001054 - A BIND 9.x server implementation must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of Denial of Service (DoS) attacks - recursion
Unix
DISA BIND 9.x STIG v2r2
BIND-9X-001054 - A BIND 9.x server implementation must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of Denial of Service (DoS) attacks - zone allow-query
Unix
DISA BIND 9.x STIG v2r2
CASA-FW-000150 - The Cisco ASA must be configured to enable threat detection to mitigate risks of denial-of-service (DoS) attacks.
Cisco
DISA STIG Cisco ASA FW v1r2
Catalina - Limit Impact of Denial of Service Attacks
Unix
NIST macOS Catalina v1.5.0 - All Profiles
CISC-L2-000040 - The Cisco switch must manage excess bandwidth to limit the effects of packet flooding types of denial of service (DoS) attacks.
Cisco
DISA STIG Cisco IOS XE Switch L2S v2r2
CISC-L2-000040 - The Cisco switch must manage excess bandwidth to limit the effects of packet-flooding types of denial-of-service (DoS) attacks.
Cisco
DISA STIG Cisco IOS Switch L2S v2r2
CISC-RT-000610 - The MPLS router with RSVP-TE enabled must be configured with message pacing to adjust maximum burst and maximum number of RSVP messages to an output queue based on the link speed and input queue size of adjacent core routers.
Cisco
DISA STIG Cisco IOS Router RTR v2r1
CISC-RT-000610 - The MPLS router with RSVP-TE enabled must be configured with message pacing to adjust maximum burst and maximum number of RSVP messages to an output queue based on the link speed and input queue size of adjacent core routers.
Cisco
DISA STIG Cisco IOS-XR Router RTR v2r1
CISC-RT-000610 - The MPLS router with RSVP-TE enabled must be configured with message pacing to adjust maximum burst and maximum number of RSVP messages to an output queue based on the link speed and input queue size of adjacent core routers.
Cisco
DISA STIG Cisco IOS XE Router RTR v2r4
CISC-RT-000610 - The MPLS switch with RSVP-TE enabled must be configured with message pacing to adjust maximum burst and maximum number of RSVP messages to an output queue based on the link speed and input queue size of adjacent core switches.
Cisco
DISA STIG Cisco IOS XE Switch RTR v2r1
CISC-RT-000610 - The MPLS switch with RSVP-TE enabled must be configured with message pacing to adjust maximum burst and maximum number of RSVP messages to an output queue based on the link speed and input queue size of adjacent core switches.
Cisco
DISA STIG Cisco NX-OS Switch RTR v2r1
CISC-RT-000700 - The Cisco PE router providing Virtual Private LAN Services (VPLS) must be configured to have traffic storm control thresholds on CE-facing interfaces.
Cisco
DISA STIG Cisco IOS-XR Router RTR v2r1
CISC-RT-000700 - The Cisco PE router providing Virtual Private LAN Services (VPLS) must be configured to have traffic storm control thresholds on CE-facing interfaces.
Cisco
DISA STIG Cisco IOS XE Router RTR v2r4
CISC-RT-000700 - The Cisco PE switch providing Virtual Private LAN Services (VPLS) must be configured to have traffic storm control thresholds on CE-facing interfaces.
Cisco
DISA STIG Cisco IOS XE Switch RTR v2r1
CISC-RT-000700 - The Cisco PE switch providing Virtual Private LAN Services (VPLS) must be configured to have traffic storm control thresholds on CE-facing interfaces.
Cisco
DISA STIG Cisco NX-OS Switch RTR v2r1
CISC-RT-000760 - The Cisco PE router must be configured to enforce a Quality-of-Service (QoS) policy in accordance with the QoS DODIN Technical Profile - QoS policy in accordance with the QoS DODIN Technical Profile.
Cisco
DISA STIG Cisco IOS Router RTR v2r1
CISC-RT-000760 - The Cisco PE router must be configured to enforce a Quality-of-Service (QoS) policy in accordance with the QoS DODIN Technical Profile - QoS policy in accordance with the QoS DODIN Technical Profile.
Cisco
DISA STIG Cisco IOS-XR Router RTR v2r1
CISC-RT-000760 - The Cisco PE router must be configured to enforce a Quality-of-Service (QoS) policy in accordance with the QoS DODIN Technical Profile - QoS policy in accordance with the QoS DODIN Technical Profile.
Cisco
DISA STIG Cisco IOS XE Router RTR v2r4
CISC-RT-000760 - The Cisco PE switch must be configured to enforce a Quality-of-Service (QoS) policy in accordance with the QoS GIG Technical Profile.
Cisco
DISA STIG Cisco NX-OS Switch RTR v2r1
CISC-RT-000760 - The Cisco PE switch must be configured to enforce a Quality-of-Service (QoS) policy in accordance with the QoS GIG Technical Profile.
Cisco
DISA STIG Cisco IOS XE Switch RTR v2r1
CISC-RT-000760 - The Cisco PE switch must be configured to enforce a Quality-of-Service (QoS) policy in accordance with the QoS GIG Technical Profile.
Cisco
DISA STIG Cisco IOS Switch RTR v2r1
CISC-RT-000770 - The Cisco P router must be configured to implement a Quality-of-Service (QoS) policy in accordance with the QoS DODIN Technical Profile - QoS policy in accordance with the QoS DODIN Technical Profile.
Cisco
DISA STIG Cisco IOS XE Router RTR v2r4
CISC-RT-000770 - The Cisco P router must be configured to implement a Quality-of-Service (QoS) policy in accordance with the QoS DODIN Technical Profile - QoS policy in accordance with the QoS DODIN Technical Profile.
Cisco
DISA STIG Cisco IOS Router RTR v2r1
CISC-RT-000770 - The Cisco P router must be configured to implement a Quality-of-Service (QoS) policy in accordance with the QoS DODIN Technical Profile - QoS policy in accordance with the QoS DODIN Technical Profile.
Cisco
DISA STIG Cisco IOS-XR Router RTR v2r1
CISC-RT-000770 - The Cisco P switch must be configured to implement a Quality-of-Service (QoS) policy in accordance with the QoS GIG Technical Profile.
Cisco
DISA STIG Cisco NX-OS Switch RTR v2r1
CISC-RT-000770 - The Cisco P switch must be configured to implement a Quality-of-Service (QoS) policy in accordance with the QoS GIG Technical Profile.
Cisco
DISA STIG Cisco IOS Switch RTR v2r1
CISC-RT-000770 - The Cisco P switch must be configured to implement a Quality-of-Service (QoS) policy in accordance with the QoS GIG Technical Profile.
Cisco
DISA STIG Cisco IOS XE Switch RTR v2r1
CISC-RT-000780 - The Cisco PE router must be configured to enforce a Quality-of-Service (QoS) policy to limit the effects of packet flooding denial of service (DoS) attacks - DoS attacks.
Cisco
DISA STIG Cisco IOS XE Router RTR v2r4
CISC-RT-000780 - The Cisco PE router must be configured to enforce a Quality-of-Service (QoS) policy to limit the effects of packet flooding denial-of-service (DoS) attacks - DoS attacks.
Cisco
DISA STIG Cisco IOS Router RTR v2r1
CISC-RT-000780 - The Cisco PE router must be configured to enforce a Quality-of-Service (QoS) policy to limit the effects of packet flooding denial-of-service (DoS) attacks - DoS attacks.
Cisco
DISA STIG Cisco IOS-XR Router RTR v2r1
CISC-RT-000780 - The Cisco switch must be configured to enforce a Quality-of-Service (QoS) policy to limit the effects of packet flooding denial-of-service (DoS) attacks.
Cisco
DISA STIG Cisco NX-OS Switch RTR v2r1
CISC-RT-000780 - The Cisco switch must be configured to enforce a Quality-of-Service (QoS) policy to limit the effects of packet flooding denial-of-service (DoS) attacks.
Cisco
DISA STIG Cisco IOS XE Switch RTR v2r1
CISC-RT-000780 - The Cisco switch must be configured to enforce a Quality-of-Service (QoS) policy to limit the effects of packet flooding denial-of-service (DoS) attacks.
Cisco
DISA STIG Cisco IOS Switch RTR v2r1
DKER-EE-001170 - A policy set using the built-in role-based access control (RBAC) capabilities in the Universal Control Plane (UCP) component of Docker Enterprise must be configured.
Unix
DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
DKER-EE-001180 - A policy set using the built-in role-based access control (RBAC) capabilities in the Docker Trusted Registry (DTR) component of Docker Enterprise must be set - repositoryAccess
Unix
DISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r1
DKER-EE-001180 - A policy set using the built-in role-based access control (RBAC) capabilities in the Docker Trusted Registry (DTR) component of Docker Enterprise must be set - team member access
Unix
DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
DKER-EE-002770 - Docker Enterprise container health must be checked at runtime.
Unix
DISA STIG Docker Enterprise 2.x Linux/Unix v2r1
DKER-EE-002780 - PIDs cgroup limits must be used in Docker Enterprise.
Unix
DISA STIG Docker Enterprise 2.x Linux/Unix v2r1
EX13-EG-000095 - Exchange Outbound Connection Timeout must be 10 minutes or less.
Windows
DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r5
EX13-EG-000100 - Exchange Outbound Connection Limit per Domain Count must be controlled.
Windows
DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r5
EX13-EG-000105 - Exchange Global Outbound Message size must be controlled.
Windows
DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r5
EX13-EG-000115 - Exchange Send connector connections count must be limited.
Windows
DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r5
EX13-EG-000120 - Exchange message size restrictions must be controlled on Send connectors.
Windows
DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r5
EX13-EG-000125 - Exchange Send connectors delivery retries must be controlled.
Windows
DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r5