myctrl.tools
Compare

SC-5(3)Detection And Monitoring

>Control Description

a

Employ the following monitoring tools to detect indicators of denial-of-service attacks against, or launched from, the system: organization-defined monitoring tools; and

b

Monitor the following system resources to determine if sufficient resources exist to prevent effective denial-of-service attacks: organization-defined system resources.

>Cross-Framework Mappings

SCF

CAP-01
Compare

>Supplemental Guidance

Organizations consider the utilization and capacity of system resources when managing risk associated with a denial of service due to malicious attacks. Denial-of-service attacks can originate from external or internal sources. System resources that are sensitive to denial of service include physical disk storage, memory, and CPU cycles.

Techniques used to prevent denial-of-service attacks related to storage utilization and capacity include instituting disk quotas, configuring systems to automatically alert administrators when specific storage capacity thresholds are reached, using file compression technologies to maximize available storage space, and imposing separate partitions for system and user data.

>Related Controls

CA-7
SI-4

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies govern the implementation of detection and monitoring?
  • How are system and communications protection requirements defined and maintained?
  • Who is responsible for configuring and maintaining the security controls specified in SC-5(3)?

Technical Implementation:

  • How is detection and monitoring technically implemented in your environment?
  • What systems, tools, or configurations enforce this protection requirement?
  • How do you ensure that detection and monitoring remains effective as the system evolves?
  • How is separation of duties or partitioning technically enforced?

Evidence & Documentation:

  • What documentation demonstrates the implementation of SC-5(3)?
  • Can you provide configuration evidence or system diagrams showing this protection control?
  • What logs or monitoring data verify that this control is functioning correctly?

Ask AI

Configure your API key to use AI features.