STIGQter: STIG Summary: SDN Controller Security Requirements Guide Version: 1 Release: 2 Benchmark Date: 24 Apr 2020:

The SDN controller must be configured to protect against or limit the effects of denial-of-service (DoS) attacks by rate-limiting control-plane communications.

DISA Rule

SV-95487r1_rule

Vulnerability Number

V-80777

Group Title

SRG-NET-000362

Rule Version

SRG-NET-000362-SDN-000720

Severity

CAT II

CCI(s)

• CCI-002385 - The information system protects against or limits the effects of organization-defined types of denial of service attacks by employing organization-defined security safeguards.

Weight

10

Fix Recommendation

Configure the SDN controller to rate-limit control-plane messages.

Check Contents

Review the SDN controller configuration to determine if it is configured to rate-limit control-plane messages.

If the SDN controller is not configured to rate-limit control-plane messages, this is a finding.

Vulnerability Number

V-80777

Documentable

False

Rule Version

SRG-NET-000362-SDN-000720

Severity Override Guidance

Review the SDN controller configuration to determine if it is configured to rate-limit control-plane messages.

If the SDN controller is not configured to rate-limit control-plane messages, this is a finding.

Check Content Reference

M

Target Key

3333

Comments