Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-72689 | VROM-CS-000250 | SV-87321r1_rule | Medium |
Description |
---|
A common vulnerability is unplanned behavior when invalid inputs are received. This requirement guards against adverse or unintended system behavior caused by invalid inputs, where information system responses to the invalid input may be disruptive or cause the system to fail into an unsafe state. The behavior will be derived from the organizational and system requirements and includes, but is not limited to, notification of the appropriate personnel, creating an audit record, and rejecting invalid input. |
STIG | Date |
---|---|
vRealize - Cassandra Security Technical Implementation Guide | 2017-06-06 |
Check Text ( C-72845r1_chk ) |
---|
Review the Cassandra Server to ensure that it behaves in a predictable and documented manner that reflects organizational and system objectives when invalid inputs are received. Open the "cqlsh" prompt in the Cassandra Server and type "DESCRIBE KEYSPACES;". Type "DESCRIBE Open the console to the server that Cassandra DB is hosted at and type: "find / | grep "logback.xml"". Open "logback.xml" file and review "level" parameter value under If level is not set to "ALL", this is a finding. |
Fix Text (F-79093r1_fix) |
---|
Configure the Cassandra Server to behave in a predictable and documented manner that reflects organizational and system objectives when invalid inputs are received. Modify tables by adding constraints (CREATE TRIGGER IF NOT EXISTS |