SC-5 - Denial of Service Protection
Control requirements
- SC-5 - 0
- The information system protects against or limits the effects of the following types of denial of service attacks: [IBM Assignment: application and volumetric based attacks (OSI layers 3, 4, 6, and 7)] by employing [IBM Assignment: annual testing of the documented DoS and DDoS mitigation technologies].
Implementation guidance
See the resources that follow to learn more about how to implement this control.
NIST supplemental guidance
A variety of technologies exist to limit, or in some cases, eliminate the effects of denial of service attacks. For example, boundary protection devices can filter certain types of packets to protect information system components on internal organizational networks from being directly affected by denial of service attacks. Employing increased capacity and bandwidth combined with service redundancy may also reduce the susceptibility to denial of service attacks.