SC-5 DENIAL OF SERVICE PROTECTION

Page last updated:

PCF Compliance

As described in the corresponding reference architecture documentation, the PCF PAS deployment depends upon the presence of an IaaS firewall and load balancer infrastructure. The PCF deployment will therefore inherit whatever DDOS protections are provided at the perimeter of the deployment.

Pivotal Cloud Foundry also supports the use of Route Services, which can be used to add additional application-level (layer 7) protection.

In addition, PCF itself employs rate limiting techniques to protect against DOS attacks on, e.g. the Cloud Controller.


Control Description

The information system protects against or limits the effects of the following types of denial of service attacks: [Assignment: organization-defined types of denial of service attacks or references to sources for such information] by employing [Assignment: organization-defined security safeguards].

Supplemental Guidance

A variety of technologies exist to limit, or in some cases, eliminate the effects of denial of service attacks. For example, boundary protection devices can filter certain types of packets to protect information system components on internal organizational networks from being directly affected by denial of service attacks. Employing increased capacity and bandwidth combined with service redundancy may also reduce the susceptibility to denial of service attacks.