NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION
SC-5 — Denial-of-service Protection
a. {{ insert: param, sc-05_odp.02 }} the effects of the following types of denial-of-service events: {{ insert: param, sc-05_odp.01 }}; and
b. Employ the following controls to achieve the denial-of-service objective: {{ insert: param, sc-05_odp.03 }}.
Supplemental Guidance
Denial-of-service events may occur due to a variety of internal and external causes, such as an attack by an adversary or a lack of planning to support organizational needs with respect to capacity and bandwidth. Such attacks can occur across a wide range of network protocols (e.g., IPv4, IPv6). A variety of technologies are available to limit or eliminate the origination and effects of denial-of-service events. For example, boundary protection devices can filter certain types of packets to protect system components on internal networks from being directly affected by or the source of denial-of-service attacks. Employing increased network capacity and bandwidth combined with service redundancy also reduces the susceptibility to denial-of-service events.
Practitioner Notes
Denial-of-service (DoS) protection means making sure your systems stay available even when someone tries to overwhelm them with traffic or requests. You need to both detect and limit the effects of these attacks.
Example 1: Place a web application firewall (WAF) like AWS WAF or Cloudflare in front of your public-facing websites. Configure rate limiting to cap requests per IP address and enable DDoS protection rules that automatically block traffic patterns that match known attack signatures.
Example 2: On your perimeter firewall (Palo Alto, Fortinet), enable flood protection settings — SYN flood thresholds, ICMP rate limiting, and UDP flood detection. Set alerts in your SIEM to notify your team when traffic volumes exceed normal baselines by more than 200 percent.
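As an added, constructed example (not part of the NIST control text or of any vendor product), the following Python sketches the SIEM-side logic behind Example 2: it counts events per minute from constructed firewall log lines, keeps a trailing baseline of quiet minutes, and raises an alert when a minute exceeds that baseline by more than 200 percent, reporting the top source so an analyst can hand it to the per-IP rate limiting from Example 1. The one-line log format, the five-minute window, and the 10.0.0.0/8 and 203.0.113.9 addresses are assumptions.

```python
import re
from collections import Counter, defaultdict, deque
from statistics import mean

ALERT_PCT = 200   # Example 2's threshold: alert when a minute exceeds baseline by more than 200 percent
LINE_RE = re.compile(r"^(?P<minute>\d\d:\d\d) (?P<src>[\d.]+) (?P<proto>\w+)$")  # assumed log format

def constructed_log():
    """Constructed sample log: '<HH:MM> <src-ip> <proto>', ten quiet minutes then a SYN flood."""
    lines = [f"09:{m:02d} 10.0.{i % 8}.{i} syn" for m in range(10) for i in range(40)]
    lines += ["09:10 203.0.113.9 syn"] * 500          # one source floods minute 10
    return lines

def exceeds_baseline(current, baseline, pct=ALERT_PCT):
    """True when `current` is more than `pct` percent above `baseline` (200% -> more than 3x)."""
    if baseline <= 0:
        return False          # no baseline yet: do not alert on the first samples
    return current > baseline * (1 + pct / 100)

def summarize(lines):
    """Count events per minute and per (minute, source); malformed lines are skipped, not fatal."""
    per_minute, per_source = Counter(), defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        per_minute[m["minute"]] += 1
        per_source[m["minute"]][m["src"]] += 1
    return per_minute, per_source

def analyze(lines, window=5, pct=ALERT_PCT):
    """Return one alert dict per minute whose volume exceeds the trailing baseline.

    The baseline is the mean of the last `window` minutes that did NOT alert, so an
    ongoing flood cannot raise its own baseline and silence the alert."""
    per_minute, per_source = summarize(lines)
    history, alerts = deque(maxlen=window), []
    for minute in sorted(per_minute):
        count = per_minute[minute]
        baseline = mean(history) if history else 0
        if exceeds_baseline(count, baseline, pct):
            src, n = per_source[minute].most_common(1)[0]   # top talker, for the analyst
            alerts.append({"minute": minute, "count": count, "baseline": baseline,
                           "top_source": (src, n)})
        else:
            history.append(count)
    return alerts

if __name__ == "__main__":
    for a in analyze(constructed_log()):
        print(f"ALERT {a['minute']}: {a['count']} events vs baseline {a['baseline']:.0f}; "
              f"top source {a['top_source'][0]} ({a['top_source'][1]} events)")
```

Real deployments would key the baseline by hour of day and protocol rather than a single trailing mean, since legitimate traffic has daily cycles that a flat window mistakes for a spike.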