NIST 800-53 r5 · Controls catalogue · Family SC
SC-5Denial-of-service Protection
{{ insert: param, sc-05_odp.02 }} the effects of the following types of denial-of-service events: {{ insert: param, sc-05_odp.01 }} ; and Employ the following controls to achieve the denial-of-service objective: {{ insert: param, sc-05_odp.03 }}.
Last updated: 19 May 2026 20:20 UTC
Implementations targeting this control (1)
- aws-config-guardduty-enabled-centralized Guardduty Enabled Centralized AWS::GuardDuty::Detector partial detect enforce
ATT&CK techniques this control mitigates (1)
- T1496.003 SMS Pumping Impact
Weaknesses this control addresses (8)AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
CWE-400 | Uncontrolled Resource Consumption | 3,367 | Directly limits uncontrolled resource consumption that leads to denial-of-service. |
CWE-770 | Allocation of Resources Without Limits or Throttling | 2,023 | Requires throttling and limits on resource allocation to prevent exhaustion. |
CWE-835 | Loop with Unreachable Exit Condition ('Infinite Loop') | 936 | Detects and mitigates infinite loops that produce sustained resource consumption. |
CWE-674 | Uncontrolled Recursion | 458 | Prevents uncontrolled recursion that exhausts stack or CPU resources. |
CWE-407 | Inefficient Algorithmic Complexity | 87 | Addresses inefficient algorithms whose complexity can be exploited for DoS. |
CWE-409 | Improper Handling of Highly Compressed Data (Data Amplification) | 52 | Limits effects of data amplification from compressed or malicious inputs. |
CWE-405 | Asymmetric Resource Consumption (Amplification) | 42 | Employs controls that mitigate amplification attacks causing asymmetric resource use. |
CWE-406 | Insufficient Control of Network Message Volume (Network Amplification) | 16 | Implements network message volume controls to block amplification DoS vectors. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
CVE-2026-31283 UPD | 2.0 | 9.8 | 0.0006 | good |
CVE-2024-12705 | 1.8 | 7.5 | 0.0562 | good |
CVE-2025-58349 | 1.8 | 9.1 | 0.0006 | good |
CVE-2024-2878 | 1.8 | 7.5 | 0.0462 | good |
CVE-2024-37358 | 1.8 | 8.6 | 0.0076 | good |
CVE-2025-55222 | 1.7 | 8.6 | 0.0008 | good |
CVE-2025-26819 | 1.7 | 8.6 | 0.0012 | good |
CVE-2025-23417 | 1.7 | 8.6 | 0.0008 | good |
CVE-2025-55221 | 1.7 | 8.6 | 0.0008 | good |
CVE-2024-48882 | 1.7 | 8.6 | 0.0008 | good |
CVE-2024-12537 | 1.7 | 7.5 | 0.0267 | good |
CVE-2026-26130 | 1.7 | 7.5 | 0.0363 | good |
CVE-2025-30256 | 1.7 | 8.6 | 0.0013 | good |
CVE-2026-34045 | 1.6 | 8.2 | 0.0008 | good |
CVE-2026-35457 UPD | 1.6 | 8.2 | 0.0008 | good |
CVE-2025-21389 | 1.6 | 7.5 | 0.0239 | good |
CVE-2026-7402 | 1.6 | 8.1 | 0.0001 | good |
CVE-2024-46668 | 1.6 | 7.5 | 0.0209 | good |
CVE-2026-5440 | 1.6 | 7.5 | 0.0189 | good |
CVE-2018-25108 | 1.6 | 7.5 | 0.0118 | good |
CVE-2025-21289 | 1.6 | 7.5 | 0.0131 | good |
CVE-2025-27419 | 1.6 | 7.5 | 0.0089 | good |
CVE-2020-36907 | 1.6 | 7.5 | 0.0084 | good |
CVE-2025-1059 | 1.5 | 7.5 | 0.0067 | good |
CVE-2026-33483 | 1.5 | 7.5 | 0.0058 | good |