The IAO will ensure protections against DoS attacks are implemented.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-16839	APP6080	SV-17839r1_rule	DCSQ-1	Medium

Description
Known threats documented in the threat model should be mitigated, to prevent DoS type attacks.

STIG	Date
Application Security and Development Checklist	2014-12-22

Details

Check Text ( C-17845r1_chk )
Ask the application representative to review the threat model for DoS attacks. Verify the mitigation for DoS attacks are implemented from the threat model. If the application is a COTS/GOTS product or is composed of only COTS/GOTS products with no custom code, this check does not apply unless the application is being reviewed by or in conjunction with the COTS/GOTS vendor in which case this check is applicable. 1) If the mitigation from the threat model for DoS attacks are not implemented, it is a finding.

Check Text ( C-17845r1_chk )

Ask the application representative to review the threat model for DoS attacks. Verify the mitigation for DoS attacks are implemented from the threat model.

If the application is a COTS/GOTS product or is composed of only COTS/GOTS products with no custom code, this check does not apply unless the application is being reviewed by or in conjunction with the COTS/GOTS vendor in which case this check is applicable.

1) If the mitigation from the threat model for DoS attacks are not implemented, it is a finding.

Fix Text (F-17159r1_fix)
Implement mitigations from the threat model for DOS attacks.