myctrl.tools
Compare

SC-5(2)Capacity, Bandwidth, And Redundancy

>Control Description

Manage capacity, bandwidth, or other redundancy to limit the effects of information flooding denial-of-service attacks.

>Cross-Framework Mappings

SCF

CAP-02
Compare
CAP-03
Compare

>Supplemental Guidance

Managing capacity ensures that sufficient capacity is available to counter flooding attacks. Managing capacity includes establishing selected usage priorities, quotas, partitioning, or load balancing.

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies govern the implementation of capacity, bandwidth, and redundancy?
  • How are system and communications protection requirements defined and maintained?
  • Who is responsible for configuring and maintaining the security controls specified in SC-5(2)?

Technical Implementation:

  • How is capacity, bandwidth, and redundancy technically implemented in your environment?
  • What systems, tools, or configurations enforce this protection requirement?
  • How do you ensure that capacity, bandwidth, and redundancy remains effective as the system evolves?
  • How is separation of duties or partitioning technically enforced?

Evidence & Documentation:

  • What documentation demonstrates the implementation of SC-5(2)?
  • Can you provide configuration evidence or system diagrams showing this protection control?
  • What logs or monitoring data verify that this control is functioning correctly?

Ask AI

Configure your API key to use AI features.