Navigate

CCI-001314

CCI-001314 Definition

The information system reveals error messages only to organization-defined personnel or roles.

Status
Type	CheckType.technical

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed configures the information system to reveal error messages only to the ISSO, ISSM, and SCA. For information system components that have applicable STIGs or SRGs, the organization being inspected/assessed must comply with the STIG/SRG guidance that pertains to CCI 1314. DoD has defined the personnel or roles as the ISSO, ISSM, and SCA.

Validation Procedures

The organization conducting the inspection/assessment examines the information system to ensure the organization being inspected/assessed configures the information system to reveal error messages only to the ISSO, ISSM, and SCA. For information system components that have applicable STIGs or SRGs, the organization conducting the inspection/assessment evaluates the components to ensure that the organization being inspected/assessed has configured the information system in compliance with the applicable STIGs and SRGs pertaining to CCI 1314. DoD has defined the personnel or roles as the ISSO, ISSM, and SCA.

Compelling Evidence

1.) Signed and dated System security plan defines who is authorized to receive error messages. 2.) Protection software configuration documentation only transmits error message alerts to authorized personnel.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001314.

Control	Description
SI-11	The information system: SI-11a.: Generates error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries; and SI-11b.: Reveals error messages only to [Assignment: organization-defined personnel or roles].