An error occurred:

Check: IDMS-DB-000880

CA IDMS STIG: IDMS-DB-000880 (in versions v1 r2 through v1 r1)

Title

IDMS must check for invalid data and behave in a predictable manner when encountered. (Cat II impact)

Discussion

A common vulnerability is unplanned behavior when invalid inputs are received. This requirement guards against adverse or unintended system behavior caused by invalid inputs, where information system responses to the invalid input may be disruptive or cause the system to fail into an unsafe state. The behavior will be derived from the organizational and system requirements and includes, but is not limited to, notification of the appropriate personnel, creating an audit record, and rejecting invalid input.

Check Content

If data inputs are specifically identified by the organization as exempt from validity checks, this is not applicable. If SQL-defined tables, DISPLAY TABLE <schema-name>.<table-name> . If there is not a CHECK for the columns and accompanying accepted values, this is a finding. If network-defined records, DISPLAY SCHEMA or DISPLAY RECORD. If there is no CALL to a procedure BEFORE STORE and BEFORE MODIFY, this is a finding. If the procedure does not validate the non-exempt columns, this is a finding. Other applications and front-ends using mapping can use the automatic editing feature and edit and code tables to verify that an input value is valid. Review the source code for checks, procedures, and edits to identify how the system responds to invalid input. If it does not implement the documented behavior, this is a finding.

Fix Text

Revise and deploy source code changes for checks, procedures, and edits to implement the documented behavior. For SQL-defined tables, ALTER TABLE <schema-name>.<table-name> ADD CHECK (search-condition). For network-defined records, MODIFY <record-name> CALL procedure BEFORE STORE/MODIFY. Create or update procedure to validate provided record field values. Other applications and front-ends using mapping can use the automatic editing feature and edit and code tables to verify that an input value is valid.

Additional Identifiers

Rule ID: SV-251649r855288_rule

Vulnerability ID: V-251649

Group Title: SRG-APP-000447-DB-000393

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-002754

The information system behaves in a predictable and documented manner that reflects organizational and system objectives when invalid inputs are received.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
SI-10 (3)

Predictable Behavior