NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION
SC-5(2) — Capacity, Bandwidth, and Redundancy
Manage capacity, bandwidth, or other redundancy to limit the effects of information flooding denial-of-service attacks.
CMMC Practice Mapping
No direct CMMC mapping
NIST 800-171 Mapping
No direct NIST 800-171 mapping
Related Controls
No related controls listed
Supplemental Guidance
Managing capacity ensures that sufficient capacity is available to counter flooding attacks. Managing capacity includes establishing selected usage priorities, quotas, partitioning, or load balancing.
Practitioner Notes
This enhancement focuses on having enough capacity, bandwidth, and redundancy to survive a denial-of-service attack. The goal is to absorb the attack rather than go offline.
Example 1: Deploy your critical web applications behind a CDN like Cloudflare or Akamai that can absorb massive traffic spikes. The CDN has far more bandwidth than any single attacker, so your origin servers stay available.
Example 2: Set up redundant DNS servers with different providers (for example, Route 53 and Cloudflare DNS). If one DNS provider is attacked, the other continues resolving your domain names so customers can still reach you.
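A check for Example 2, added here as an illustration and not part of NIST 800-53 or the original notes: it verifies that each zone's delegated nameservers really span at least two DNS providers. The hostname patterns for Route 53 and Cloudflare, the sample NS sets, and the function names are assumptions constructed for this example.

```python
import re

# Assumed nameserver hostname patterns for the two providers named above.
# Route 53 hands out names on four different TLDs, which looks diverse
# but is still a single provider.
PROVIDER_PATTERNS = {
    "route53": re.compile(r"(^|\.)awsdns-\d+\.(com|net|org|co\.uk)$"),
    "cloudflare": re.compile(r"\.ns\.cloudflare\.com$"),
}

def provider_of(ns_host):
    """Map one NS hostname to a provider label."""
    host = ns_host.strip().rstrip(".").lower()
    for name, pattern in PROVIDER_PATTERNS.items():
        if pattern.search(host):
            return name
    # Unknown operator: group by the last two labels (rough heuristic).
    return ".".join(host.split(".")[-2:])

def audit_ns_diversity(zones, min_providers=2):
    """Return, per zone, the distinct providers and a pass/fail flag."""
    findings = {}
    for zone, ns_hosts in zones.items():
        providers = sorted({provider_of(h) for h in ns_hosts if h.strip()})
        findings[zone] = {
            "providers": providers,
            "compliant": len(providers) >= min_providers,
        }
    return findings

# Constructed sample data: NS sets as they might be read from the registrar
# or from `dig NS <zone>` output. None of these are real delegations.
SAMPLE_ZONES = {
    "example.com": ["ns-101.awsdns-12.com.", "ns-1502.awsdns-59.org.",
                    "ns-777.awsdns-33.net.", "ns-1890.awsdns-44.co.uk."],
    "example.org": ["ns-101.awsdns-12.com.", "AMY.ns.cloudflare.com",
                    "rob.ns.cloudflare.com."],
    "example.net": ["ns1.dns-host.example.", "ns2.dns-host.example."],
}

if __name__ == "__main__":
    for zone, result in audit_ns_diversity(SAMPLE_ZONES).items():
        status = "OK" if result["compliant"] else "SINGLE PROVIDER"
        print(f"{zone}: {status} {result['providers']}")
```

The first sample zone fails even though its four nameservers sit on four TLDs, because all of them belong to one provider.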