SC-5: Denial Of Service Protection

Baselines:

  • Low
    • SC-5
  • Moderate
    • SC-5
  • High
    • SC-5

Control Statement

The information system protects against or limits the effects of the following types of denial of service attacks: [Assignment: organization-defined types of denial of service attacks or references to sources for such information] by employing [Assignment: organization-defined security safeguards].

Supplemental Guidance

A variety of technologies exist to limit, or in some cases, eliminate the effects of denial of service attacks. For example, boundary protection devices can filter certain types of packets to protect information system components on internal organizational networks from being directly affected by denial of service attacks. Employing increased capacity and bandwidth combined with service redundancy may also reduce the susceptibility to denial of service attacks.

Control Enhancements

SC-5(1): Restrict Internal Users

Baseline(s):

(Not part of any baseline)

The information system restricts the ability of individuals to launch [Assignment: organization-defined denial of service attacks] against other information systems.

SC-5(3): Detection / Monitoring

Baseline(s):

(Not part of any baseline)

The organization:

  • Employs [Assignment: organization-defined monitoring tools] to detect indicators of denial of service attacks against the information system; and
  • Monitors [Assignment: organization-defined information system resources] to determine if sufficient resources exist to prevent effective denial of service attacks.