Navigate

SC-5 (3)

SC-5 (3): Detection / Monitoring

The organization:

SC-5 (3)(a): Employs [Assignment: organization-defined monitoring tools] to detect indicators of denial of service attacks against the information system; and

SC-5 (3)(b): Monitors [Assignment: organization-defined information system resources] to determine if sufficient resources exist to prevent effective denial of service attacks.

Supplemental

Organizations consider utilization and capacity of information system resources when managing risk from denial of service due to malicious attacks. Denial of service attacks can originate from external or internal sources. Information system resources sensitive to denial of service include, for example, physical disk storage, memory, and CPU cycles. Common safeguards to prevent denial of service attacks related to storage utilization and capacity include, for example, instituting disk quotas, configuring information systems to automatically alert administrators when specific storage capacity thresholds are reached, using file compression technologies to maximize available storage space, and imposing separate partitions for system and user data.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	moderate

Overlays
None

Related Controls

The controls below (if any) were marked by NIST as being related to SC-5 (3).

Control	Description
CA-7	The organization develops a continuous monitoring strategy and implements a continuous monitoring program that includes: CA-7a.: Establishment of [Assignment: organization-defined metrics] to be monitored; CA-7b.: Establishment of [Assignment: organization-defined frequencies] for monitoring and [Assignment: organization-defined frequencies] for assessments supporting such monitoring; CA-7c.: Ongoing security control assessments in accordance with the organizational continuous monitoring strategy; CA-7d.: Ongoing security status monitoring of organization-defined metrics in accordance with the organizational continuous monitoring strategy; CA-7e.: Correlation and analysis of security-related information generated by assessments and monitoring; CA-7f.: Response actions to address results of the analysis of security-related information; and CA-7g.: Reporting the security status of organization and the information system to [Assignment: organization-defined personnel or roles] [Assignment: organization-defined frequency].
SI-4	The organization: SI-4a.: Monitors the information system to detect: SI-4a.1.: Attacks and indicators of potential attacks in accordance with [Assignment: organization-defined monitoring objectives]; and SI-4a.2.: Unauthorized local, network, and remote connections; SI-4b.: Identifies unauthorized use of the information system through [Assignment: organization-defined techniques and methods]; SI-4c.: Deploys monitoring devices: SI-4c.1.: Strategically within the information system to collect organization-determined essential information; and SI-4c.2.: At ad hoc locations within the system to track specific types of transactions of interest to the organization; SI-4d.: Protects information obtained from intrusion-monitoring tools from unauthorized access, modification, and deletion; SI-4e.: Heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of information; SI-4f.: Obtains legal opinion with regard to information system monitoring activities in accordance with applicable federal laws, Executive Orders, directives, policies, or regulations; and SI-4g.: Provides [Assignment: organization-defined information system monitoring information] to [Assignment: organization-defined personnel or roles] [Selection (one or more): as needed; [Assignment: organization-defined frequency]].

Control

Description

CA-7

The organization develops a continuous monitoring strategy and implements a continuous monitoring program that includes:

CA-7a.: Establishment of [Assignment: organization-defined metrics] to be monitored;

CA-7b.: Establishment of [Assignment: organization-defined frequencies] for monitoring and [Assignment: organization-defined frequencies] for assessments supporting such monitoring;

CA-7c.: Ongoing security control assessments in accordance with the organizational continuous monitoring strategy;

CA-7d.: Ongoing security status monitoring of organization-defined metrics in accordance with the organizational continuous monitoring strategy;

CA-7e.: Correlation and analysis of security-related information generated by assessments and monitoring;

CA-7f.: Response actions to address results of the analysis of security-related information; and

CA-7g.: Reporting the security status of organization and the information system to [Assignment: organization-defined personnel or roles] [Assignment: organization-defined frequency].

SI-4

The organization:

SI-4a.: Monitors the information system to detect:
- SI-4a.1.: Attacks and indicators of potential attacks in accordance with [Assignment: organization-defined monitoring objectives]; and
- SI-4a.2.: Unauthorized local, network, and remote connections;

SI-4b.: Identifies unauthorized use of the information system through [Assignment: organization-defined techniques and methods];

SI-4c.: Deploys monitoring devices:
- SI-4c.1.: Strategically within the information system to collect organization-determined essential information; and
- SI-4c.2.: At ad hoc locations within the system to track specific types of transactions of interest to the organization;

SI-4d.: Protects information obtained from intrusion-monitoring tools from unauthorized access, modification, and deletion;

SI-4e.: Heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and assets, individuals, other organizations, or the Nation based on law enforcement information, intelligence information, or other credible sources of information;

SI-4f.: Obtains legal opinion with regard to information system monitoring activities in accordance with applicable federal laws, Executive Orders, directives, policies, or regulations; and

SI-4g.: Provides [Assignment: organization-defined information system monitoring information] to [Assignment: organization-defined personnel or roles] [Selection (one or more): as needed; [Assignment: organization-defined frequency]].

Enhancements

The controls below (if any) add on to the requirements of SC-5 (3).

Control	Description
No controls

Related CCIs

The CCIs below are tied to SC-5 (3).

CCI	Definition
CCI-002388	The organization defines a list of monitoring tools to be employed to detect indicators of denial of service attacks against the information system.
CCI-002389	The organization employs an organization-defined list of monitoring tools to detect indicators of denial of service attacks against the information system.
CCI-002390	The organization defines the information system resources to be monitored to determine if sufficient resources exist to prevent effective denial of service attacks.
CCI-002391	The organization monitors organization-defined information system resources to determine if sufficient resources exist to prevent effective denial of service attacks.