NIST 800-53 r5 · Controls catalogue · Family SC
SC-5 Denial-of-service Protection
{{ insert: param, sc-05_odp.02 }} the effects of the following types of denial-of-service events: {{ insert: param, sc-05_odp.01 }}; and Employ the following controls to achieve the denial-of-service objective: {{ insert: param, sc-05_odp.03 }}.
Last updated: 04 July 2026 00:28 UTC
Cumulative inbound coverage
How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.
Collective: partial · 3 mapping(s) from 2 framework(s): CSF 2.0 2 (partial) · ASVS 5.0 1 (partial)
Implementations targeting this control (1)
- aws-config-guardduty-enabled-centralized · Guardduty Enabled Centralized · AWS::GuardDuty::Detector · partial · detect · enforce
ATT&CK techniques this control mitigates (1)
- T1496.003 · SMS Pumping · Impact
Weaknesses this control addresses (8) AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
| CWE-400 | Uncontrolled Resource Consumption | 3,572 | Directly limits uncontrolled resource consumption that leads to denial-of-service. |
| CWE-770 | Allocation of Resources Without Limits or Throttling | 2,210 | Requires throttling and limits on resource allocation to prevent exhaustion. |
| CWE-835 | Loop with Unreachable Exit Condition ('Infinite Loop') | 983 | Detects and mitigates infinite loops that produce sustained resource consumption. |
| CWE-674 | Uncontrolled Recursion | 503 | Prevents uncontrolled recursion that exhausts stack or CPU resources. |
| CWE-407 | Inefficient Algorithmic Complexity | 114 | Addresses inefficient algorithms whose complexity can be exploited for DoS. |
| CWE-409 | Improper Handling of Highly Compressed Data (Data Amplification) | 72 | Limits effects of data amplification from compressed or malicious inputs. |
| CWE-405 | Asymmetric Resource Consumption (Amplification) | 48 | Employs controls that mitigate amplification attacks causing asymmetric resource use. |
| CWE-406 | Insufficient Control of Network Message Volume (Network Amplification) | 16 | Implements network message volume controls to block amplification DoS vectors. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
| CVE-2026-45498 KEV UPD | 10.0 | 4.0 | 0.6308 | good |
| CVE-2024-20481 KEV | 10.0 | 5.8 | 0.1595 | good |
| CVE-2023-44487 KEV | 10.0 | 7.5 | 1.0000 | good |
| CVE-2023-38180 KEV | 10.0 | 7.5 | 0.1552 | good |
| CVE-2020-3566 KEV | 10.0 | 8.6 | 0.0363 | good |
| CVE-2018-0180 KEV | 10.0 | 5.9 | 0.0505 | good |
| CVE-2018-0179 KEV | 10.0 | 5.9 | 0.0505 | good |
| CVE-2018-0154 KEV | 10.0 | 7.5 | 0.0707 | good |
| CVE-2017-6663 KEV | 10.0 | 6.5 | 0.0214 | good |
| CVE-2017-12238 KEV | 10.0 | 6.5 | 0.0203 | good |
| CVE-2017-12237 KEV | 10.0 | 7.5 | 0.0694 | good |
| CVE-2017-12234 KEV | 10.0 | 7.5 | 0.0694 | good |
| CVE-2026-28318 KEV UPD | 10.0 | 7.5 | 0.1066 | good |
| CVE-2025-21285 | 8.0 | 7.5 | 0.5484 | good |
| CVE-2023-50387 | 8.0 | 7.5 | 1.0000 | good |
| CVE-2024-31309 UPD | 8.0 | 7.5 | 0.9462 | good |
| CVE-2023-28302 | 8.0 | 7.5 | 0.9356 | good |
| CVE-2023-21758 | 8.0 | 7.5 | 0.9160 | good |
| CVE-2023-45288 | 8.0 | 7.5 | 0.9197 | good |
| CVE-2023-21769 | 8.0 | 7.5 | 0.9152 | good |
| CVE-2024-27316 UPD | 8.0 | 7.5 | 0.9133 | good |
| CVE-2022-30522 | 8.0 | 7.5 | 0.9041 | good |
| CVE-2024-27983 UPD | 8.0 | 8.2 | 0.8721 | good |
| CVE-2023-21547 | 8.0 | 7.5 | 0.8823 | good |
| CVE-2024-27919 UPD | 8.0 | 7.5 | 0.8675 | good |