CCI-002385

The information system protects against or limits the effects of organization-defined types of denial of service attacks by employing organization-defined security safeguards.

Implementation Guidance

The organization being inspected/assessed configures the information system to protect against or limits the effects of types of denial of service attacks defined in SC-5, CCI 1093 by employing security safeguards defined in SC-5, CCI 2386. For information system components that have applicable STIGs or SRGs, the organization being inspected/assessed must comply with the STIG/SRG guidance that pertains to CCI 2385.

Validation Procedures

The organization conducting the inspection/assessment examines the information system to ensure the organization being inspected/assessed configures the information system to protect against or limits the effects of types of denial of service attacks defined in SC-5, CCI 1093 by employing security safeguards defined in SC-5, CCI 2386. For information system components that have applicable STIGs or SRGs, the organization conducting the inspection/assessment evaluates the components to ensure that the organization being inspected/assessed has configured the information system in compliance with the applicable STIGs and SRGs pertaining to CCI 2385.

Compelling Evidence

1.) Configuration documentation on how organization configures the information system to protect against or limits the effects of types of DoS attacks defined in SC-5, CCI 1093 by employing security safeguards defined in SC-5, CCI 2386. 2.) Applicable STIG/SRG checks.

The controls below (if any) were marked by NIST as being related to CCI-002385.