SC-5 (3)

System and Communications ProtectionRev 5system

Denial-of-Service Protection

Control Statement

(a) Employ the following monitoring tools to detect indicators of denial-of-service attacks against, or launched from, the system: [Assignment: monitoring tools] ; and (b) Monitor the following system resources to determine if sufficient resources exist to prevent effective denial-of-service attacks: [Assignment: system resources].

Supplemental Guidance

Organizations consider the utilization and capacity of system resources when managing risk associated with a denial of service due to malicious attacks. Denial-of-service attacks can originate from external or internal sources. System resources that are sensitive to denial of service include physical disk storage, memory, and CPU cycles. Techniques used to prevent denial-of-service attacks related to storage utilization and capacity include instituting disk quotas, configuring systems to automatically alert administrators when specific storage capacity thresholds are reached, using file compression technologies to maximize available storage space, and imposing separate partitions for system and user data.

Related Controls (2)

CA-7 SI-4

CCI Identifiers (4)

CCI-002390Defines the system resources to be monitored to determine if sufficient resources exist to prevent effective denial-of-service attacks.CCI-002388Defines the monitoring tools to be employed to detect indicators of denial-of-service attacks against the system.CCI-002391Monitor organization-defined system resources to determine if sufficient resources exist to prevent effective denial-of-service attacks.CCI-002389Employ organization-defined monitoring tools to detect indicators of denial-of-service attacks against, or launched from, the system.

Linked STIG Checks (2)

Across 1 STIGs. Click to expand.