Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The IDPS must manage excess bandwidth to limit the effects of packet flooding types of Denial of Service (DoS) attacks.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000193-IDPS-NA | SRG-NET-000193-IDPS-NA | SRG-NET-000193-IDPS-NA_rule | Medium |
| Description |
|---|
| An IDPS experiencing a DoS attack will not be able to handle production traffic load. The high utilization and CPU caused by a DoS attack will also have an effect on control keep-alives and timers used for neighbor peering resulting in route flapping and eventually black hole production traffic. The device must be configured to contain and limit a DoS attack's effect on the device's resource utilization. HIDS is not within the scope of this document. |
| STIG | Date |
|---|---|
| IDPS Security Requirements Guide (SRG) | 2012-03-08 |
Details
| Check Text ( C-43357_chk ) |
|---|
| This requirement does not apply to IDPS. |
| Fix Text (F-43357_fix) |
|---|
| Not applicable for IDPS. No fix required. |