SC-5: Denial Of Service Protection
Control Family:
Threats Addressed:
Baselines:
- Low
- SC-5
- Moderate
- SC-5
- High
- SC-5
Next Version:
- NIST Special Publication 800-53 Revision 5:
- SC-5: Denial-of-service Protection
Control Statement
The information system protects against or limits the effects of the following types of denial of service attacks: [Assignment: organization-defined types of denial of service attacks or references to sources for such information] by employing [Assignment: organization-defined security safeguards].
Supplemental Guidance
A variety of technologies exist to limit, or in some cases, eliminate the effects of denial of service attacks. For example, boundary protection devices can filter certain types of packets to protect information system components on internal organizational networks from being directly affected by denial of service attacks. Employing increased capacity and bandwidth combined with service redundancy may also reduce the susceptibility to denial of service attacks.
Control Enhancements
SC-5(1): Restrict Internal Users
Baseline(s):
The information system restricts the ability of individuals to launch [Assignment: organization-defined denial of service attacks] against other information systems.
SC-5(2): Excess Capacity / Bandwidth / Redundancy
Baseline(s):
The information system manages excess capacity, bandwidth, or other redundancy to limit the effects of information flooding denial of service attacks.
SC-5(3): Detection / Monitoring
Baseline(s):
The organization: Employs [Assignment: organization-defined monitoring tools] to detect indicators of denial of service attacks against the information system; and Monitors [Assignment: organization-defined information system resources] to determine if sufficient resources exist to prevent effective denial of service attacks.