Establish, implement, and maintain rate limiting filters.


CONTROL ID: 06883
CONTROL TYPE: Business Processes
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a performance management standard., CC ID: 01615

This Control has the following implementation support Control(s):
  • Establish, implement, and maintain system capacity monitoring procedures., CC ID: 01619
  • Establish, implement, and maintain system performance monitoring procedures., CC ID: 11752


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Does the organization use rate-limiting filters? (Table Row V.14, OECD / World Bank Technology Risk Checklist, Version 7.3)
  • Any memorized secret used by the authenticator for activation SHALL be a randomly-chosen numeric secret at least 6 decimal digits in length or other memorized secret meeting the requirements of Section 5.1.1.2 and SHALL be rate limited as specified in Section 5.2.2. A biometric activation factor SHA… (5.1.5.1 ¶ 6, Digital Identity Guidelines: Authentication and Lifecycle Management, NIST SP 800-63B)
  • The information system enforces configurable network communications traffic volume thresholds reflecting limits on auditing capacity and [Selection: rejects; delays] network traffic above those thresholds. (AU-5(3) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Enforce configurable network communications traffic volume thresholds reflecting limits on audit log storage capacity and [Selection: reject; delay] network traffic above those thresholds. (AU-5(3) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Enforce configurable network communications traffic volume thresholds reflecting limits on audit log storage capacity and [Selection: reject; delay] network traffic above those thresholds. (AU-5(3) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)