SC-5 - Denial of Service Protection

Control requirements

SC-5 - 0

The information system protects against or limits the effects of the following types of denial of service attacks: [IBM Assignment: application and volumetric based attacks (OSI layers 3, 4, 6, and 7)] by employing [IBM Assignment: annual testing of the documented DoS and DDoS mitigation technologies].

Implementation guidance

See the resources that follow to learn more about how to implement this control.

• Accessing the public internet
• Connectivity to IBM Cloud services with private endpoints
• Consumer connectivity to workload VPC
• Creating and connecting the management and workload VPCs

NIST supplemental guidance

A variety of technologies exist to limit, or in some cases, eliminate the effects of denial of service attacks. For example, boundary protection devices can filter certain types of packets to protect information system components on internal organizational networks from being directly affected by denial of service attacks. Employing increased capacity and bandwidth combined with service redundancy may also reduce the susceptibility to denial of service attacks.