STIGQter: STIG Summary: Cisco ISE NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 13 Apr 2021

The Cisco ISE must configure the control plane to protect against or limit the effects of common types of Denial of Service (DoS) attacks on the device itself by configuring applicable system options and internet-options.

DISA Rule

SV-242660r714290_rule

Vulnerability Number

V-242660

Group Title

SRG-APP-000435-NDM-000315

Rule Version

CSCO-NM-000550

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the system and system-options to protect against DoS attacks. These are examples of settings that should be adjusted to limit DoS attacks. The exact values will vary based on site traffic.

Use the synflood-limit command to configure a TCP SYN packet rate limit.

To configure the limit of TCP/UDP/ICMP packets from a source IP address, use the rate-limit command in configuration mode.

Check Contents

Verify the system and system-options are configured to protect against DoS attacks.

If the system and system-options that limit the effects of common types of DoS attacks are not configured in compliance with DoD requirements, this is a finding.

Documentable

False

Severity Override Guidance

Verify the system and system-options are configured to protect against DoS attacks.

If the system and system-options that limit the effects of common types of DoS attacks are not configured in compliance with DoD requirements, this is a finding.

Check Content Reference

M

Target Key

5384

Comments