Check: IDMS-DB-000540
CA IDMS STIG: IDMS-DB-000540 (in versions v1 r2 through v1 r1)
Title
Custom database code and associated application code must not contain information beyond what is needed for troubleshooting. (Cat II impact)
Discussion
Error codes issued by custom code could provide more information than needed for problem resolution and should be vetted to make sure this does not occur.
Check Content
Check custom database code to verify that error messages do not contain information beyond what is needed for troubleshooting the issue. If database errors contain PII data, sensitive business data, or information useful for identifying the host system or database structure, this is a finding.
Fix Text
Configure custom database code and associated application code not to divulge sensitive information or information useful for system identification in error messages.
Additional Identifiers
Rule ID: SV-251625r807742_rule
Vulnerability ID: V-251625
Group Title: SRG-APP-000266-DB-000162
CCIs
Number | Definition |
---|---|
CCI-001312 | The information system generates error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries. |
Controls
Number | Title |
---|---|
SI-11 | Error Handling |