Check: APSC-DV-003320
Application Security and Development STIG: APSC-DV-003320 (in versions v5 r3 through v4 r2)
Title
Protections against DoS attacks must be implemented. (Cat II impact)
Discussion
Known DoS threats documented in the threat model should be mitigated to prevent DoS-type attacks.
Check Content
Ask the application representative for the threat model document. Examine the threat model document and determine if DoS attacks are specified as a threat. If there are no DoS threats identified in the threat model, the requirement is not applicable. Verify the mitigations provided for DoS attacks are implemented from the threat model. If mitigations for DoS attacks are identified in the threat model but are not implemented, this is a finding.
Fix Text
Implement mitigations from the threat model for DoS attacks.
Additional Identifiers
Rule ID: SV-222667r879887_rule
Vulnerability ID: V-222667
Group Title: SRG-APP-000516
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
CCI-002386 | The organization defines the security safeguards to be employed to protect the information system against, or limit the effects of, denial of service attacks. |