CCI|CCI-001095

Title

The information system manages excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of denial of service attacks.

Reference Item Details

Category: 2009

Audit Items

View all Reference Audit Items

NamePluginAudit Name
3.123 - Auditing Access of Global System Objects must be turned off.WindowsDISA Windows Vista STIG v6r41
3.124 - Audit of Backup and Restore Privileges is not turned off.WindowsDISA Windows Vista STIG v6r41
AIX7-00-003096 - AIX must set Stack Execution Disable (SED) system wide mode to all.UnixDISA STIG AIX 7.x v2r9
AMLS-L3-000270 - The Arista Multilayer Switch must manage excess bandwidth to limit the effects of packet flooding types of denial of service (DoS) attacks - DoS attacks.AristaDISA STIG Arista MLS DCS-7000 Series RTR v1r3
ARST-L2-000030 - The Arista MLS layer 2 switch must be configured for Storm Control to limit the effects of packet flooding types of denial-of-service (DoS) attacks.AristaDISA STIG Arista MLS EOS 4.2x L2S v1r1
ARST-RT-000290 - The MPLS router with RSVP-TE enabled must be configured with message pacing or refresh reduction to adjust maximum number of RSVP messages to an output queue based on the link speed and input queue size of adjacent core routers.AristaDISA STIG Arista MLS EOS 4.2x Router v1r1
ARST-RT-000300 - The PE router must be configured to enforce a Quality-of-Service (QoS) policy to limit the effects of packet flooding denial-of-service (DoS) attacks.AristaDISA STIG Arista MLS EOS 4.2x Router v1r1
ARST-RT-000310 - The PE router must be configured to enforce a Quality-of-Service (QoS) policy in accordance with the QoS DODIN Technical Profile.AristaDISA STIG Arista MLS EOS 4.2x Router v1r1
ARST-RT-000320 - The PE router must be configured to enforce a Quality-of-Service (QoS) policy in accordance with the QoS GIG Technical Profile.AristaDISA STIG Arista MLS EOS 4.2x Router v1r1
Big Sur - Limit Impact of Denial of Service AttacksUnixNIST macOS Big Sur v1.4.0 - All Profiles
BIND-9X-001054 - A BIND 9.x server implementation must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of Denial of Service (DoS) attacks - options allow-queryUnixDISA BIND 9.x STIG v2r2
BIND-9X-001054 - A BIND 9.x server implementation must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of Denial of Service (DoS) attacks - recursionUnixDISA BIND 9.x STIG v2r2
BIND-9X-001054 - A BIND 9.x server implementation must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of Denial of Service (DoS) attacks - zone allow-queryUnixDISA BIND 9.x STIG v2r2
CASA-FW-000150 - The Cisco ASA must be configured to enable threat detection to mitigate risks of denial-of-service (DoS) attacks.CiscoDISA STIG Cisco ASA FW v1r4
Catalina - Limit Impact of Denial of Service AttacksUnixNIST macOS Catalina v1.5.0 - All Profiles
CISC-L2-000040 - The Cisco switch must manage excess bandwidth to limit the effects of packet flooding types of denial of service (DoS) attacks.CiscoDISA STIG Cisco IOS XE Switch L2S v2r5
CISC-L2-000040 - The Cisco switch must manage excess bandwidth to limit the effects of packet-flooding types of denial-of-service (DoS) attacks.CiscoDISA STIG Cisco IOS Switch L2S v2r4
CISC-RT-000610 - The MPLS router with RSVP-TE enabled must be configured with message pacing to adjust maximum burst and maximum number of RSVP messages to an output queue based on the link speed and input queue size of adjacent core routers.CiscoDISA STIG Cisco IOS XE Router RTR v2r9
CISC-RT-000610 - The MPLS router with RSVP-TE enabled must be configured with message pacing to adjust maximum burst and maximum number of RSVP messages to an output queue based on the link speed and input queue size of adjacent core routers.CiscoDISA STIG Cisco IOS-XR Router RTR v2r4
CISC-RT-000610 - The MPLS router with RSVP-TE enabled must be configured with message pacing to adjust maximum burst and maximum number of RSVP messages to an output queue based on the link speed and input queue size of adjacent core routers.CiscoDISA STIG Cisco IOS Router RTR v2r6
CISC-RT-000610 - The MPLS switch with RSVP-TE enabled must be configured with message pacing to adjust maximum burst and maximum number of RSVP messages to an output queue based on the link speed and input queue size of adjacent core switches.CiscoDISA STIG Cisco IOS XE Switch RTR v2r5
CISC-RT-000610 - The MPLS switch with RSVP-TE enabled must be configured with message pacing to adjust maximum burst and maximum number of RSVP messages to an output queue based on the link speed and input queue size of adjacent core switches.CiscoDISA STIG Cisco NX-OS Switch RTR v2r3
CISC-RT-000700 - The Cisco PE router providing Virtual Private LAN Services (VPLS) must be configured to have traffic storm control thresholds on CE-facing interfaces.CiscoDISA STIG Cisco IOS XE Router RTR v2r9
CISC-RT-000700 - The Cisco PE router providing Virtual Private LAN Services (VPLS) must be configured to have traffic storm control thresholds on CE-facing interfaces.CiscoDISA STIG Cisco IOS-XR Router RTR v2r4
CISC-RT-000700 - The Cisco PE switch providing Virtual Private LAN Services (VPLS) must be configured to have traffic storm control thresholds on CE-facing interfaces.CiscoDISA STIG Cisco IOS XE Switch RTR v2r5
CISC-RT-000700 - The Cisco PE switch providing Virtual Private LAN Services (VPLS) must be configured to have traffic storm control thresholds on CE-facing interfaces.CiscoDISA STIG Cisco NX-OS Switch RTR v2r3
CISC-RT-000760 - The Cisco PE router must be configured to enforce a Quality-of-Service (QoS) policy to provide preferred treatment for mission-critical applications - QoS policy in accordance with the QoS DODIN Technical Profile.CiscoDISA STIG Cisco IOS Router RTR v2r6
CISC-RT-000760 - The Cisco PE router must be configured to enforce a Quality-of-Service (QoS) policy to provide preferred treatment for mission-critical applications - QoS policy in accordance with the QoS DODIN Technical Profile.CiscoDISA STIG Cisco IOS-XR Router RTR v2r4
CISC-RT-000760 - The Cisco PE router must be configured to enforce a Quality-of-Service (QoS) policy to provide preferred treatment for mission-critical applications.CiscoDISA STIG Cisco IOS XE Router RTR v2r9
CISC-RT-000760 - The Cisco PE switch must be configured to enforce a Quality-of-Service (QoS) policy to provide preferred treatment for mission-critical applications.CiscoDISA STIG Cisco NX-OS Switch RTR v2r3
CISC-RT-000760 - The Cisco PE switch must be configured to enforce a Quality-of-Service (QoS) policy to provide preferred treatment for mission-critical applications.CiscoDISA STIG Cisco IOS XE Switch RTR v2r5
CISC-RT-000760 - The Cisco PE switch must be configured to enforce a Quality-of-Service (QoS) policy to provide preferred treatment for mission-critical applications.CiscoDISA STIG Cisco IOS Switch RTR v2r5
CISC-RT-000770 - The Cisco P router must be configured to enforce a Quality-of-Service (QoS) policy to provide preferred treatment for mission-critical applications - QoS policy in accordance with the QoS DODIN Technical Profile.CiscoDISA STIG Cisco IOS Router RTR v2r6
CISC-RT-000770 - The Cisco P router must be configured to enforce a Quality-of-Service (QoS) policy to provide preferred treatment for mission-critical applications - QoS policy in accordance with the QoS DODIN Technical Profile.CiscoDISA STIG Cisco IOS-XR Router RTR v2r4
CISC-RT-000770 - The Cisco P router must be configured to enforce a Quality-of-Service (QoS) policy to provide preferred treatment for mission-critical applications.CiscoDISA STIG Cisco IOS XE Router RTR v2r9
CISC-RT-000770 - The Cisco P switch must be configured to enforce a Quality-of-Service (QoS) policy to provide preferred treatment for mission-critical applications.CiscoDISA STIG Cisco IOS XE Switch RTR v2r5
CISC-RT-000770 - The Cisco P switch must be configured to enforce a Quality-of-Service (QoS) policy to provide preferred treatment for mission-critical applications.CiscoDISA STIG Cisco IOS Switch RTR v2r5
CISC-RT-000770 - The Cisco P switch must be configured to enforce a Quality-of-Service (QoS) policy to provide preferred treatment for mission-critical applications.CiscoDISA STIG Cisco NX-OS Switch RTR v2r3
CISC-RT-000780 - The Cisco PE router must be configured to enforce a Quality-of-Service (QoS) policy to limit the effects of packet flooding denial of service (DoS) attacks.CiscoDISA STIG Cisco IOS XE Router RTR v2r9
CISC-RT-000780 - The Cisco PE router must be configured to enforce a Quality-of-Service (QoS) policy to limit the effects of packet flooding denial-of-service (DoS) attacks - DoS attacks.CiscoDISA STIG Cisco IOS Router RTR v2r6
CISC-RT-000780 - The Cisco PE router must be configured to enforce a Quality-of-Service (QoS) policy to limit the effects of packet flooding denial-of-service (DoS) attacks - DoS attacks.CiscoDISA STIG Cisco IOS-XR Router RTR v2r4
CISC-RT-000780 - The Cisco switch must be configured to enforce a Quality-of-Service (QoS) policy to limit the effects of packet flooding denial-of-service (DoS) attacks.CiscoDISA STIG Cisco IOS Switch RTR v2r5
CISC-RT-000780 - The Cisco switch must be configured to enforce a Quality-of-Service (QoS) policy to limit the effects of packet flooding denial-of-service (DoS) attacks.CiscoDISA STIG Cisco IOS XE Switch RTR v2r5
CISC-RT-000780 - The Cisco switch must be configured to enforce a Quality-of-Service (QoS) policy to limit the effects of packet flooding denial-of-service (DoS) attacks.CiscoDISA STIG Cisco NX-OS Switch RTR v2r3
DKER-EE-001170 - A policy set using the built-in role-based access control (RBAC) capabilities in the Universal Control Plane (UCP) component of Docker Enterprise must be configured.UnixDISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
DKER-EE-001180 - A policy set using the built-in role-based access control (RBAC) capabilities in the Docker Trusted Registry (DTR) component of Docker Enterprise must be set - repositoryAccessUnixDISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r1
DKER-EE-001180 - A policy set using the built-in role-based access control (RBAC) capabilities in the Docker Trusted Registry (DTR) component of Docker Enterprise must be set - team member accessUnixDISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
DKER-EE-002770 - Docker Enterprise container health must be checked at runtime.UnixDISA STIG Docker Enterprise 2.x Linux/Unix v2r1
DKER-EE-002780 - PIDs cgroup limits must be used in Docker Enterprise.UnixDISA STIG Docker Enterprise 2.x Linux/Unix v2r1
EX13-EG-000095 - Exchange Outbound Connection Timeout must be 10 minutes or less.WindowsDISA Microsoft Exchange 2013 Edge Transport Server STIG v1r5