SC-5: Denial-of-service Protection

SC-5: Denial-of-service Protection ()

a. [Selection: Protect against; Limit] the effects of the following types of denial-of-service events: [Assignment: organization-defined types of denial-of-service events]; and
b. Employ the following controls to achieve the denial-of-service objective: [Assignment: organization-defined controls by type of denial-of-service event].


Control Identifier	SC-5
Latest Sync Date	19/12/24 09:18:14
Discussion	Denial-of-service events may occur due to a variety of internal and external causes, such as an attack by an adversary or a lack of planning to support organizational needs with respect to capacity and bandwidth. Such attacks can occur across a wide range of network protocols (e.g., IPv4, IPv6). A variety of technologies are available to limit or eliminate the origination and effects of denial-of-service events. For example, boundary protection devices can filter certain types of packets to protect system components on internal networks from being directly affected by or the source of denial-of-service attacks. Employing increased network capacity and bandwidth combined with service redundancy also reduces the susceptibility to denial-of-service events.
Related Controls	CP-2, IR-4, SC-6, SC-7, SC-40.



1. API inbound security pattern [Threat Model]
[WIP] 2. API inbound security pattern [Control Realization] - improvement proposal
2. API inbound security pattern [Control Realization]
NIST 800-53 Controls Catalogue
1. Outbound web security pattern [Threat Model]
2. Outbound web security pattern [Control Realization]



		SC-5: Denial-of-service Protection	CAPEC-125: Flooding
		SC-5: Denial-of-service Protection	SP-TE-23: Adversary in the middle attack or network traffic modification
		WAF	SC-5: Denial-of-service Protection
		BB-21: Distributed denial of service protection service	SC-5: Denial-of-service Protection
		Proxying service	SC-5: Denial-of-service Protection