CCI|CCI-002385

Title

The information system protects against or limits the effects of organization-defined types of denial of service attacks by employing organization-defined security safeguards.

Reference Item Details

Category: 2013

Audit Items

View all Reference Audit Items

NamePluginAudit Name
3.097 - The system is configured for a greater keep-alive time than recommended.WindowsDISA Windows Vista STIG v6r41
3.101 - The system must be configured to ignore NetBIOS name release requests except from WINS servers.WindowsDISA Windows Vista STIG v6r41
3.104 - The system is configured to detect and configure default gateway addresses.WindowsDISA Windows Vista STIG v6r41
5.098 - The system must limit how many times unacknowledged TCP data is retransmitted.WindowsDISA Windows Vista STIG v6r41
5.239 - Windows Explorer - Heap TerminationWindowsDISA Windows Vista STIG v6r41
AIX7-00-003097 - AIX must protect against or limit the effects of Denial of Service (DoS) attacks by ensuring AIX is implementing rate-limiting measures on impacted network interfaces - bos.net.tcp.client_coreUnixDISA STIG AIX 7.x v2r5
AIX7-00-003097 - AIX must protect against or limit the effects of Denial of Service (DoS) attacks by ensuring AIX is implementing rate-limiting measures on impacted network interfaces - clean_partial_connsUnixDISA STIG AIX 7.x v2r5
AMLS-L3-000260 - The Arista Multilayer Switch must ensure all Exterior Border Gateway Protocol (eBGP) routers are configured to use Generalized TTL Security Mechanism (GTSM) or are configured to meet RFC3682.AristaDISA STIG Arista MLS DCS-7000 Series RTR v1r3
AS24-U1-000590 - The Apache web server must be tuned to handle the operational requirements of the hosted application.UnixDISA STIG Apache Server 2.4 Unix Server v2r5
AS24-U1-000590 - The Apache web server must be tuned to handle the operational requirements of the hosted application.UnixDISA STIG Apache Server 2.4 Unix Server v2r5 Middleware
AS24-U1-000820 - The Apache web server must be protected from being stopped by a non-privileged user - apachectlUnixDISA STIG Apache Server 2.4 Unix Server v2r5
AS24-U1-000820 - The Apache web server must be protected from being stopped by a non-privileged user - apachectlUnixDISA STIG Apache Server 2.4 Unix Server v2r5 Middleware
AS24-U1-000820 - The Apache web server must be protected from being stopped by a non-privileged user - httpd pidUnixDISA STIG Apache Server 2.4 Unix Server v2r5 Middleware
AS24-U1-000820 - The Apache web server must be protected from being stopped by a non-privileged user - httpd pidUnixDISA STIG Apache Server 2.4 Unix Server v2r5
AS24-U1-000820 - The Apache web server must be protected from being stopped by a non-privileged user - serviceUnixDISA STIG Apache Server 2.4 Unix Server v2r5
AS24-U1-000820 - The Apache web server must be protected from being stopped by a non-privileged user - serviceUnixDISA STIG Apache Server 2.4 Unix Server v2r5 Middleware
AS24-U2-000590 - The Apache web server must be tuned to handle the operational requirements of the hosted application.UnixDISA STIG Apache Server 2.4 Unix Site v2r2 Middleware
AS24-U2-000590 - The Apache web server must be tuned to handle the operational requirements of the hosted application.UnixDISA STIG Apache Server 2.4 Unix Site v2r2
AS24-W1-000820 - The Apache web server must be protected from being stopped by a non-privileged user.WindowsDISA STIG Apache Server 2.4 Windows Server v2r2
AS24-W1-000830 - The Apache web server must be tuned to handle the operational requirements of the hosted application.WindowsDISA STIG Apache Server 2.4 Windows Server v2r2
AS24-W2-000830 - The Apache web server must be tuned to handle the operational requirements of the hosted application.WindowsDISA STIG Apache Server 2.4 Windows Site v2r1
Big Sur - Protect Against Denial of Service Attacks by Ensuring Rate-Limiting Measures on Network InterfacesUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Protect Against Denial of Service Attacks by Ensuring Rate-Limiting Measures on Network InterfacesUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Protect Against Denial of Service Attacks by Ensuring Rate-Limiting Measures on Network InterfacesUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Protect Against Denial of Service Attacks by Ensuring Rate-Limiting Measures on Network InterfacesUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Protect Against Denial of Service Attacks by Ensuring Rate-Limiting Measures on Network InterfacesUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Protect Against Denial of Service Attacks by Ensuring Rate-Limiting Measures on Network InterfacesUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Protect Against Denial of Service Attacks by Ensuring Rate-Limiting Measures on Network InterfacesUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Protect Against Denial of Service Attacks by Ensuring Rate-Limiting Measures on Network InterfacesUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
CASA-FW-000220 - The Cisco ASA must be configured to implement scanning threat detection.CiscoDISA STIG Cisco ASA FW v1r2
CASA-ND-001180 - The Cisco ASA must be configured to protect against known types of Denial of Service (DoS) attacks by enabling the Threat Detection featureCiscoDISA STIG Cisco ASA NDM v1r1
CISC-L2-000090 - The Cisco switch must have Root Guard enabled on all switch ports connecting to access layer switches and hosts.CiscoDISA STIG Cisco IOS XE Switch L2S v2r2
CISC-L2-000090 - The Cisco switch must have Root Guard enabled on all switch ports connecting to access layer switches and hosts.CiscoDISA STIG Cisco NX-OS Switch L2S v2r1
CISC-L2-000090 - The Cisco switch must have Root Guard enabled on all switch ports connecting to access layer switches.CiscoDISA STIG Cisco IOS Switch L2S v2r2
CISC-L2-000100 - The Cisco switch must have BPDU Guard enabled on all user-facing or untrusted access switch ports - BPDU Guard enabled on all user-facing or untrusted access switch ports.CiscoDISA STIG Cisco IOS XE Switch L2S v2r2
CISC-L2-000100 - The Cisco switch must have BPDU Guard enabled on all user-facing or untrusted access switch ports - BPDU Guard enabled on all user-facing or untrusted access switch ports.CiscoDISA STIG Cisco NX-OS Switch L2S v2r1
CISC-L2-000100 - The Cisco switch must have Bridge Protocol Data Unit (BPDU) Guard enabled on all user-facing or untrusted access switch ports.CiscoDISA STIG Cisco IOS Switch L2S v2r2
CISC-L2-000110 - The Cisco switch must have Spanning Tree Protocol (STP) Loop Guard enabled - spanning-tree loopguardCiscoDISA STIG Cisco IOS Switch L2S v2r2
CISC-L2-000110 - The Cisco switch must have Spanning Tree Protocol (STP) Loop Guard enabled - spanning-tree modeCiscoDISA STIG Cisco IOS Switch L2S v2r2
CISC-L2-000110 - The Cisco switch must have STP Loop Guard enabled - spanning-tree loopguardCiscoDISA STIG Cisco IOS XE Switch L2S v2r2
CISC-L2-000110 - The Cisco switch must have STP Loop Guard enabled - spanning-tree modeCiscoDISA STIG Cisco IOS XE Switch L2S v2r2
CISC-L2-000110 - The Cisco switch must have STP Loop Guard enabled.CiscoDISA STIG Cisco NX-OS Switch L2S v2r1
CISC-L2-000120 - The Cisco switch must have Unknown Unicast Flood Blocking (UUFB) enabled.CiscoDISA STIG Cisco IOS Switch L2S v2r2
CISC-L2-000120 - The Cisco switch must have Unknown Unicast Flood Blocking (UUFB) enabled.CiscoDISA STIG Cisco IOS XE Switch L2S v2r2
CISC-L2-000120 - The Cisco switch must have Unknown Unicast Flood Blocking (UUFB) enabled.CiscoDISA STIG Cisco NX-OS Switch L2S v2r1
CISC-L2-000130 - The Cisco switch must have DHCP snooping for all user VLANs to validate DHCP messages from untrusted sources - ip dhcp snoopingCiscoDISA STIG Cisco NX-OS Switch L2S v2r1
CISC-L2-000130 - The Cisco switch must have DHCP snooping for all user VLANs to validate DHCP messages from untrusted sources - ip dhcp snoopingCiscoDISA STIG Cisco IOS Switch L2S v2r2
CISC-L2-000130 - The Cisco switch must have DHCP snooping for all user VLANs to validate DHCP messages from untrusted sources - ip dhcp snoopingCiscoDISA STIG Cisco IOS XE Switch L2S v2r2
CISC-L2-000130 - The Cisco switch must have DHCP snooping for all user VLANs to validate DHCP messages from untrusted sources - ip dhcp snooping vlanCiscoDISA STIG Cisco IOS Switch L2S v2r2
CISC-L2-000130 - The Cisco switch must have DHCP snooping for all user VLANs to validate DHCP messages from untrusted sources - ip dhcp snooping vlanCiscoDISA STIG Cisco NX-OS Switch L2S v2r1