Protections against DoS attacks must be implemented.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-222667 | APSC-DV-003320 | SV-222667r961863_rule | CCI-002386 | medium |

Description
Known DoS threats documented in the threat model should be mitigated, to prevent DoS type attacks.

| STIG | Date |
| Application Security and Development Security Technical Implementation Guide | 2025-02-12 |
Related Frameworks
2 paths across 2 frameworks
NIST 800-53 (1 mapping)
SC-5
1.00
- DISA · 6 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI (1 mapping)
CCI-002386
1.00
- DISA · 6 · disa_xccdf · related
Details
Check Text (C-222667r961863_chk)
Ask the application representative for the threat model document.
Examine the threat model document and determine if DoS attacks are specified as a threat.
If there are no DoS threats identified in the threat model, the requirement is not applicable.
Verify the mitigations provided for DoS attacks are implemented from the threat model.
If mitigations for DoS attacks are identified in the threat model but are not implemented, this is a finding.
Fix Text (F-24326r493910_fix)
Implement mitigations from the threat model for DoS attacks.