SCF - TDA-19 - Error Handling
Mechanisms exist to handle error conditions by:
- Identifying potentially security-relevant error conditions;
- Generating error messages that provide information necessary for corrective actions without revealing sensitive or potentially harmful information in error logs and administrative messages that could be exploited; and
- Revealing error messages only to authorized personnel.
Mapped framework controls
NIST 800-53
- SI-11
Control questions
Does the organization handle error conditions by:
- Identifying potentially security-relevant error conditions;
- Generating error messages that provide information necessary for corrective actions without revealing sensitive or potentially harmful information in error logs and administrative messages that could be exploited; and
- Revealing error messages only to authorized personnel?