Implement Function Invocation Rate Limits

CCC.SvlsComp.C02: Implement Function Invocation Rate Limits

Control ID:CCC.SvlsComp.C02

Title:Implement Function Invocation Rate Limits

Objective:Ensure that function invocation is limited to a specified threshold from any single entity, preventing resource exhaustion and denial of service attacks.

Control Family:

Availability

Related Threats

ID	Title	Description	External Mappings	Capability Mappings	Control Mappings
CCC.Core.TH12	Resource Constraints are Exhausted	Exceeding the resource constraints through excessive consumption, resource-intensive operations, or lowering of rate-limit thresholds can impact the availability of elements such as memory, CPU, or storage. This may disrupt availability of the service or child resources by denying the associated functionality to users. If the impacted system is not designed to expect such a failure, the effect could also cascade to other services and resources.	1	1	0

Related Capabilities

ID	Title	Description
CCC.Core.F19	Resource Scaling	The service may be configured to scale child resources automatically or on-demand.

Guideline Mappings

Reference ID	Entry ID	Strength	Remarks
NIST-CSF	PR.DS-4	0	Adequate capacity to ensure availability
NIST_800_53	SC-5	0	Denial of Service Protection

Assessment Requirements

ID	Description	Applicability
CCC.SvlsComp.C02.TR01	Send requests to invoke the function up to the allowed threshold and confirm they are successful; then send additional requests exceeding the threshold from the same entity and verify that they are denied.	tlp-red tlp-amber