UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The DBMS must identify potentially security-relevant error conditions.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32569 SRG-APP-000265-DB-000161 SV-42906r1_rule Medium
Description
The structure and content of error messages need to be carefully considered by the organization and development team. The extent to which the application is able to identify and handle error conditions is guided by organizational policy and operational requirements. Database logs can be monitored for specific security related errors. Any error that can have a negative effect on database security should be quickly identified and forwarded to the appropriate personnel. If security-relevant error conditions are not identified by the DBMS they may be overlooked by the personnel responsible for addressing them.
STIG Date
Database Security Requirements Guide 2012-07-02

Details

Check Text ( C-41008r2_chk )
Check DBMS settings to determine whether security related error conditions are monitored and whether appropriate personnel are notified. If security related error conditions are not being monitored for, this is a finding.

If appropriate personnel are not alerted when a security related error condition is found, this is a finding.
Fix Text (F-36484r2_fix)
Configure DBMS to monitor for security related error conditions.

Configure DBMS to alert appropriate personnel when security related error conditions are found.