Custom database code and associated application code must not contain information beyond what is needed for troubleshooting.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-251625 | IDMS-DB-000540 | SV-251625r961167_rule | CCI-001312 | medium |
| Description | ||||
| Error codes issued by custom code could provide more information than needed for problem resolution and should be vetted to make sure this does not occur. | ||||
| STIG | Date | |||
| CA IDMS Security Technical Implementation Guide | 2024-09-13 | |||
Details
Check Text (C-251625r961167_chk)
Check custom database code to verify that error messages do not contain information beyond what is needed for troubleshooting the issue.
If database errors contain PII data, sensitive business data, or information useful for identifying the host system or database structure, this is a finding.
Fix Text (F-55014r807741_fix)
Configure custom database code, and associated application code not to divulge sensitive information or information useful for system identification in error messages.