UCF STIG Viewer Logo

Custom database code and associated application code must not contain information beyond what is needed for troubleshooting.


Overview

Finding ID Version Rule ID IA Controls Severity
V-251625 IDMS-DB-000540 SV-251625r807742_rule Medium
Description
Error codes issued by custom code could provide more information than needed for problem resolution and should be vetted to make sure this does not occur.
STIG Date
CA IDMS Security Technical Implementation Guide 2021-11-10

Details

Check Text ( C-55060r807740_chk )
Check custom database code to verify that error messages do not contain information beyond what is needed for troubleshooting the issue.

If database errors contain PII data, sensitive business data, or information useful for identifying the host system or database structure, this is a finding.
Fix Text (F-55014r807741_fix)
Configure custom database code, and associated application code not to divulge sensitive information or information useful for system identification in error messages.