In support of information flow requirements, applications must track problems associated with information transfer.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-32231	SRG-APP-000061-DB-NA	SV-42548r1_rule		Medium

Description
When an application transfers data, there is the chance an error or problem with the data transfer may occur. Applications need to track failures and any problems encountered when performing data transfers so problems can be identified and remediated. Some potential issues with a failed or problematic data transfer include: leaving sensitive data in a processing queue indefinitely, partial or incomplete data transfers, and corrupted data transfers. Tracking problems with data transfers also serves to create a forensic record that can be retained to assist in investigations regarding the flow of application data. This requirement is specific to network devices designed to perform information flow control. This requirement is NA for databases.

Description

When an application transfers data, there is the chance an error or problem with the data transfer may occur. Applications need to track failures and any problems encountered when performing data transfers so problems can be identified and remediated. Some potential issues with a failed or problematic data transfer include: leaving sensitive data in a processing queue indefinitely, partial or incomplete data transfers, and corrupted data transfers. Tracking problems with data transfers also serves to create a forensic record that can be retained to assist in investigations regarding the flow of application data. This requirement is specific to network devices designed to perform information flow control. This requirement is NA for databases.

STIG	Date
Database Security Requirements Guide	2012-07-02

Details

Check Text ( C-40740r1_chk )
This check is NA for databases.

Fix Text (F-36155r1_fix)
This fix is NA for databases.