myctrl.tools
Compare

SC-5(1)Restrict Ability To Attack Other Systems

>Control Description

Restrict the ability of individuals to launch the following denial-of-service attacks against other systems: organization-defined denial-of-service attacks.

>Cross-Framework Mappings

SCF

CAP-02
Compare

>Supplemental Guidance

Restricting the ability of individuals to launch denial-of-service attacks requires the mechanisms commonly used for such attacks to be unavailable. Individuals of concern include hostile insiders or external adversaries who have breached or compromised the system and are using it to launch a denial-of-service attack. Organizations can restrict the ability of individuals to connect and transmit arbitrary information on the transport medium (i.e., wired networks, wireless networks, spoofed Internet protocol packets).

Organizations can also limit the ability of individuals to use excessive system resources. Protection against individuals having the ability to launch denial-of-service attacks may be implemented on specific systems or boundary devices that prohibit egress to potential target systems.

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies govern the implementation of restrict ability to attack other systems?
  • How are system and communications protection requirements defined and maintained?
  • Who is responsible for configuring and maintaining the security controls specified in SC-5(1)?

Technical Implementation:

  • How is restrict ability to attack other systems technically implemented in your environment?
  • What systems, tools, or configurations enforce this protection requirement?
  • How do you ensure that restrict ability to attack other systems remains effective as the system evolves?
  • What network boundary protections are in place (firewalls, gateways, etc.)?

Evidence & Documentation:

  • What documentation demonstrates the implementation of SC-5(1)?
  • Can you provide configuration evidence or system diagrams showing this protection control?
  • What logs or monitoring data verify that this control is functioning correctly?
  • Can you provide network architecture diagrams and firewall rulesets?

Ask AI

Configure your API key to use AI features.