The application must only generate error messages that provide information necessary for corrective actions without revealing organization defined sensitive or potentially harmful information in error logs and administrative messages that could be exploited.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-36279	SRG-APP-266-NA	SV-47683r1_rule		Medium

Description
Any application providing too much information in error logs and in administrative messages to the screen risks compromising the data and security of the application and system. The structure and content of error messages needs to be carefully considered by the organization and development team. Rationale for non-applicability: This requirement is better specified by other audit related CCIs. CCI-001314 ensures that only the MDM server Administrator has access to error messages.

Description

Any application providing too much information in error logs and in administrative messages to the screen risks compromising the data and security of the application and system. The structure and content of error messages needs to be carefully considered by the organization and development team. Rationale for non-applicability: This requirement is better specified by other audit related CCIs. CCI-001314 ensures that only the MDM server Administrator has access to error messages.

STIG	Date
Mobile Device Manager Security Requirements Guide	2013-01-24

Details

Check Text ( C-44519r1_chk )
This requirement is NA for the MDM server SRG.

Fix Text (F-40809r1_fix)
The requirement is NA. No fix is required.