SC-5 Denial-of-service Protection
Control
a.
[Selection (one or more): protect against; limit] the effects of the following types of denial-of-service events: [at a minimum: ICMP (ping) flood, SYN flood, slowloris, buffer overflow attack, and volume attack] ; and
b.
Employ the following controls to achieve the denial-of-service objective: [Assignment: organization-defined controls by type of denial-of-service event].
Discussion
Denial-of-service events may occur due to a variety of internal and external causes, such as an attack by an adversary or a lack of planning to support organizational needs with respect to capacity and bandwidth. Such attacks can occur across a wide range of network protocols (e.g., IPv4, IPv6). A variety of technologies are available to limit or eliminate the origination and effects of denial-of-service events. For example, boundary protection devices can filter certain types of packets to protect system components on internal networks from being directly affected by or the source of denial-of-service attacks. Employing increased network capacity and bandwidth combined with service redundancy also reduces the susceptibility to denial-of-service events.
FedRAMP-Defined Assignment / Selection Parameters
- SC-5 (a) [Protect against] -
- SC-5 (a) [at a minimum: ICMP (ping) flood, SYN flood, slowloris, buffer overflow attack, and volume attack] - types of denial-of-service events to be protected against or limited are defined;