>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

SC-5Denial-of-service Protection

LI-SaaS
Low
Moderate
High

>Control Description

a

Protect against; Limit the effects of the following types of denial-of-service events: organization-defined types of denial-of-service events; and

b

Employ the following controls to achieve the denial-of-service objective: organization-defined controls by type of denial-of-service event.

>FedRAMP Baseline Requirements

No FedRAMP-specific parameter values or requirements for this baseline.

>Discussion

Denial-of-service events may occur due to a variety of internal and external causes, such as an attack by an adversary or a lack of planning to support organizational needs with respect to capacity and bandwidth. Such attacks can occur across a wide range of network protocols (e.g., IPv4, IPv6). A variety of technologies are available to limit or eliminate the origination and effects of denial-of-service events.

For example, boundary protection devices can filter certain types of packets to protect system components on internal networks from being directly affected by or the source of denial-of-service attacks. Employing increased network capacity and bandwidth combined with service redundancy also reduces the susceptibility to denial-of-service events.

>Cross-Framework Mappings

SCF

CAP-01
Compare
CAP-02
Compare
CAP-03
Compare
NET-02.1
Compare

>Programmatic Queries

Beta

Related Services

AWS Shield
WAF
CloudFront

CLI Commands

Check Shield subscription
aws shield describe-subscription
List Shield protections
aws shield list-protections
Check WAF rate-based rules
aws wafv2 list-web-acls --scope REGIONAL
Get Shield attack statistics
aws shield describe-attack-statistics
Open AWS ConsoleDocumentation

>Relevant Technologies

Technology-specific guidance with authoritative sources and verification commands.

Palo Alto Networks

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies govern the implementation of denial-of-service protection?
  • How are system and communications protection requirements defined and maintained?
  • Who is responsible for configuring and maintaining the security controls specified in SC-5?

Technical Implementation:

  • How is denial-of-service protection technically implemented in your environment?
  • What systems, tools, or configurations enforce this protection requirement?
  • How do you ensure that denial-of-service protection remains effective as the system evolves?
  • What network boundary protections are in place (firewalls, gateways, etc.)?

Evidence & Documentation:

  • What documentation demonstrates the implementation of SC-5?
  • Can you provide configuration evidence or system diagrams showing this protection control?
  • What logs or monitoring data verify that this control is functioning correctly?
  • Can you provide network architecture diagrams and firewall rulesets?

Ask AI

Configure your API key to use AI features.