800-53|SI-10

Title

INFORMATION INPUT VALIDATION

Description

The information system checks the validity of [Assignment: organization-defined information inputs].

Supplemental

Checking the valid syntax and semantics of information system inputs (e.g., character set, length, numerical range, and acceptable values) verifies that inputs match specified definitions for format and content. Software applications typically follow well-defined protocols that use structured messages (i.e., commands or queries) to communicate between software modules or system components. Structured messages can contain raw or unstructured data interspersed with metadata or control information. If software applications use attacker-supplied inputs to construct structured messages without properly encoding such messages, then the attacker could insert malicious commands or special characters that can cause the data to be interpreted as control information or metadata. Consequently, the module or component that receives the tainted output will perform the wrong operations or otherwise interpret the data incorrectly. Prescreening inputs prior to passing to interpreters prevents the content from being unintentionally interpreted as commands. Input validation helps to ensure accurate and correct inputs and prevent attacks such as cross-site scripting and a variety of injection attacks.
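The injection mechanism the guidance describes, as an added Python example (not NIST text, and not any product's code): a user lookup that splices the input into the SQL statement text, beside one that first checks the input against its definition (character set, length, numerical range, acceptable values) and then passes it to the interpreter as a bound parameter. The field definitions, the `users` table and its rows are constructed for the example.

```python
"""Input validation as SI-10 describes it: check the syntax and semantics of each
input against its definition (character set, length, numerical range, acceptable
values) before it reaches an interpreter, and hand it to the interpreter as data
(a bound parameter), never spliced into the command text.
Added illustration only; the field definitions and sample rows are constructed."""
import re
import sqlite3

# Per-field definitions, assumed for this example.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")   # character set and length (3..32)
ROLES = frozenset({"viewer", "editor", "admin"})    # acceptable values
PAGE_SIZE_RANGE = (1, 100)                          # numerical range


def validate_username(value) -> str:
    if not isinstance(value, str) or USERNAME_RE.fullmatch(value) is None:
        raise ValueError(f"username does not match its definition: {value!r}")
    return value


def validate_role(value) -> str:
    if value not in ROLES:
        raise ValueError(f"role not in the allowed set: {value!r}")
    return value


def validate_page_size(value) -> int:
    try:
        n = int(value)
    except (TypeError, ValueError):
        raise ValueError(f"page size is not an integer: {value!r}") from None
    lo, hi = PAGE_SIZE_RANGE
    if not lo <= n <= hi:
        raise ValueError(f"page size {n} outside {lo}..{hi}")
    return n


def is_rejected(validator, value) -> bool:
    """True when the validator refuses the value."""
    try:
        validator(value)
    except ValueError:
        return True
    return False


def make_db() -> sqlite3.Connection:
    """Constructed sample data, in memory, so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "viewer"), ("carol", "editor")])
    return conn


def find_user_vulnerable(conn, username) -> list:
    """The input is spliced into the statement text, so a quote character in it
    becomes SQL control information rather than data."""
    return conn.execute(
        f"SELECT name, role FROM users WHERE name = '{username}'").fetchall()


def find_user_bound_only(conn, username) -> list:
    """Binding alone: the interpreter treats the whole value as data, so the
    injected text cannot change the statement, but it still reaches the database."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (username,)).fetchall()


def find_user_hardened(conn, username) -> list:
    """Prescreen against the definition, then bind: malformed input never reaches
    the interpreter, and well-formed input can only ever be data."""
    return find_user_bound_only(conn, validate_username(username))
```

The two steps do different jobs. Binding keeps the interpreter from reading the value as control information, which is the encoding the guidance calls for; the validators reject values that fall outside their syntactic or semantic definition before any component acts on them, which is the prescreening. A page size of `10; DROP TABLE users` fails the numeric-range check long before it could reach a query, and `x' OR '1'='1` fails the username character-set check, whereas the vulnerable lookup turns that same value into a statement that returns every row.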

Reference Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

Family: SYSTEM AND INFORMATION INTEGRITY

Priority: P1

Baseline Impact: MODERATE,HIGH

Audit Items

Name | Plugin | Audit Name
1.4.1 Configure maxAllowedContentLength Request Filter - Applications | Windows | CIS IIS 8.0 v1.4.0 Level 2
1.4.1 Configure maxAllowedContentLength Request Filter - Default | Windows | CIS IIS 8.0 v1.4.0 Level 2
1.4.2 Configure maxURL Request Filter - Applications | Windows | CIS IIS 8.0 v1.4.0 Level 2
1.4.2 Configure maxURL Request Filter - Default | Windows | CIS IIS 8.0 v1.4.0 Level 2
1.4.3 Configure MaxQueryString Request Filter - Applications | Windows | CIS IIS 8.0 v1.4.0 Level 2
1.4.3 Configure MaxQueryString Request Filter - Default | Windows | CIS IIS 8.0 v1.4.0 Level 2
1.4.4 Disallow non-ASCII Characters in URLs - Applications | Windows | CIS IIS 8.0 v1.4.0 Level 2
1.4.4 Disallow non-ASCII Characters in URLs - Default | Windows | CIS IIS 8.0 v1.4.0 Level 2
1.8.1.2 Ensure 'Custom Markup Warning' is set to Enabled | Windows | CIS Microsoft Office Word 2013 v1.1.0
1.8.1.2 Ensure 'Custom Markup Warning' is set to Enabled | Windows | CIS Microsoft Office Word 2016 v1.1.0
1.12.8 Do not allow additional path delimiters (verify ALLOW_BACKSLASH is set to false) | Unix | CIS Apache Tomcat5.5/6.0 L2 v1.0
1.12.8 Do not allow additional path delimiters (verify ALLOW_ENCODED_SLASH is set to false) | Unix | CIS Apache Tomcat5.5/6.0 L2 v1.0
4.1 Ensure 'maxAllowedContentLength' is configured | Windows | CIS IIS 8.0 v1.5.1 Level 2
4.1 Ensure 'maxAllowedContentLength' is configured - Applications | Windows | CIS IIS 10 v1.1.0 Level 2
4.1 Ensure 'maxAllowedContentLength' is configured - Applications | Windows | CIS IIS 7 L2 v1.8.0
4.1 Ensure 'maxAllowedContentLength' is configured - Default | Windows | CIS IIS 7 L2 v1.8.0
4.1 Ensure 'maxAllowedContentLength' is configured - Default | Windows | CIS IIS 10 v1.1.0 Level 2
4.2 Ensure 'maxURL request filter' is configured | Windows | CIS IIS 8.0 v1.5.1 Level 2
4.2 Ensure 'maxURL request filter' is configured - Applications | Windows | CIS IIS 10 v1.1.0 Level 2
4.2 Ensure 'maxURL request filter' is configured - Applications | Windows | CIS IIS 7 L2 v1.8.0
4.2 Ensure 'maxURL request filter' is configured - Default | Windows | CIS IIS 10 v1.1.0 Level 2
4.2 Ensure 'maxURL request filter' is configured - Default | Windows | CIS IIS 7 L2 v1.8.0
4.3 Ensure 'MaxQueryString request filter' is configured | Windows | CIS IIS 8.0 v1.5.1 Level 2
4.3 Ensure 'MaxQueryString request filter' is configured - Applications | Windows | CIS IIS 7 L2 v1.8.0
4.3 Ensure 'MaxQueryString request filter' is configured - Applications | Windows | CIS IIS 10 v1.1.0 Level 2
4.3 Ensure 'MaxQueryString request filter' is configured - Default | Windows | CIS IIS 10 v1.1.0 Level 2
4.3 Ensure 'MaxQueryString request filter' is configured - Default | Windows | CIS IIS 7 L2 v1.8.0
4.4 Ensure non-ASCII characters in URLs are not allowed | Windows | CIS IIS 8.0 v1.5.1 Level 2
4.4 Ensure non-ASCII characters in URLs are not allowed - Applications | Windows | CIS IIS 10 v1.1.0 Level 2
4.4 Ensure non-ASCII characters in URLs are not allowed - Applications | Windows | CIS IIS 7 L2 v1.8.0
4.4 Ensure non-ASCII characters in URLs are not allowed - Default | Windows | CIS IIS 10 v1.1.0 Level 2
4.4 Ensure non-ASCII characters in URLs are not allowed - Default | Windows | CIS IIS 7 L2 v1.8.0
6.6 Control the maximum size of a POST request that will be parsed for parameter | Unix | CIS Apache Tomcat 8 L1 v1.1.0 Middleware
10.8 Do not allow additional path delimiters - ALLOW_BACKSLASH | Unix | CIS Apache Tomcat 9 L2 v1.0.0 Middleware
10.8 Do not allow additional path delimiters - ALLOW_BACKSLASH | Unix | CIS Apache Tomcat 9 L2 v1.0.0
10.8 Do not allow additional path delimiters - ALLOW_ENCODED_SLASH | Unix | CIS Apache Tomcat 9 L2 v1.0.0
10.8 Do not allow additional path delimiters - ALLOW_ENCODED_SLASH | Unix | CIS Apache Tomcat 9 L2 v1.0.0 Middleware
10.8 Do not allow additional path delimiters (ALLOW_BACKSLASH) | Unix | CIS Apache Tomcat 7 L2 v1.1.0
10.8 Do not allow additional path delimiters (ALLOW_BACKSLASH) | Unix | CIS Apache Tomcat 7 L2 v1.1.0 Middleware
10.8 Do not allow additional path delimiters (ALLOW_BACKSLASH) | Unix | CIS Apache Tomcat 8 L2 v1.0.1
10.8 Do not allow additional path delimiters (ALLOW_ENCODED_SLASH) | Unix | CIS Apache Tomcat 7 L2 v1.1.0 Middleware
10.8 Do not allow additional path delimiters (ALLOW_ENCODED_SLASH) | Unix | CIS Apache Tomcat 8 L2 v1.0.1
10.8 Do not allow additional path delimiters (ALLOW_ENCODED_SLASH) | Unix | CIS Apache Tomcat 7 L2 v1.1.0
10.17 Setting Security Lifecycle Listener - check for config component | Unix | CIS Apache Tomcat 9 L1 v1.0.0 Middleware
10.17 Setting Security Lifecycle Listener - check for config component | Unix | CIS Apache Tomcat 9 L1 v1.0.0
10.18 Setting Security Lifecycle Listener (check for config component) | Unix | CIS Apache Tomcat 8 L1 v1.0.1
10.19 Setting Security Lifecycle Listener (check for config component) | Unix | CIS Apache Tomcat 7 L1 v1.1.0
10.19 Setting Security Lifecycle Listener (check for config component) | Unix | CIS Apache Tomcat 7 L1 v1.1.0 Middleware
35 - Do not allow custom header status messages | Unix | TNS Best Practice Jetty 9 Linux
BIND-9X-001060 - A BIND 9.x caching name server must implement DNSSEC validation to check all DNS queries for invalid input. | Unix | DISA BIND 9.x STIG v2r3
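The request-filtering rules the IIS and Tomcat audit items above check, as an added Python prefilter (an illustration written for this page, not the code of IIS, Tomcat, Jetty, BIND or any audit plugin): it rejects request targets that exceed the URL, query-string or body length limits, contain non-ASCII characters, or use a backslash or an encoded slash as a path delimiter. The second half shows why the delimiter rules exist: `normalize_like_lenient_server` resolves a path the way a server that accepts those delimiters would, so a deny rule evaluated on the raw path is bypassed. The numeric limits are assumptions chosen for the example (they match the IIS request-filtering defaults) and the denied prefixes are constructed.

```python
"""Request prefilter with the rules the listed benchmarks check: request length
limits, no non-ASCII characters in the URL, no alternative path delimiters.
Added illustration only; not the code of IIS, Tomcat or any audit plugin."""
import posixpath
from urllib.parse import unquote, urlsplit

# Limits assumed for this example (they match the IIS request-filtering defaults).
MAX_URL = 4096                   # whole request target, in characters
MAX_QUERY_STRING = 2048          # the part after '?'
MAX_CONTENT_LENGTH = 30_000_000  # request body, in bytes

# Constructed deny rule that a lenient server applies to the path *as received*.
DENIED_PREFIXES = ("/WEB-INF/", "/META-INF/")


def check_request(request_target: str, content_length: int = 0) -> list:
    """Return every rule the request violates; an empty list means it may proceed."""
    parts = urlsplit(request_target)
    path, query = parts.path, parts.query
    violations = []
    if len(request_target) > MAX_URL:
        violations.append("url-too-long")
    if len(query) > MAX_QUERY_STRING:
        violations.append("query-string-too-long")
    if content_length > MAX_CONTENT_LENGTH:
        violations.append("content-too-long")
    if not request_target.isascii():              # IIS: allowHighBitCharacters=false
        violations.append("non-ascii-in-url")
    if "\\" in path or "%5c" in path.lower():     # Tomcat: ALLOW_BACKSLASH=false
        violations.append("backslash-path-delimiter")
    if "%2f" in path.lower():                      # Tomcat: ALLOW_ENCODED_SLASH=false
        violations.append("encoded-slash-path-delimiter")
    return violations


def is_denied_raw(path: str) -> bool:
    """A naive access rule evaluated on the path as received, before normalization."""
    return path.startswith(DENIED_PREFIXES)


def normalize_like_lenient_server(path: str) -> str:
    """Resolve the path the way a server that accepts alternative delimiters would:
    decode %2F (and %5C) first, treat a backslash as '/', then collapse '..' segments."""
    return posixpath.normpath(unquote(path).replace("\\", "/"))


def bypasses_deny_rule(path: str) -> bool:
    """True when the raw path passes the deny rule but resolves to a denied location."""
    return (not is_denied_raw(path)) and is_denied_raw(normalize_like_lenient_server(path))
```

In deployment these rules live in the server itself, which is what the audit items verify: the `requestLimits` and `allowHighBitCharacters` settings under IIS request filtering, and Tomcat's `ALLOW_BACKSLASH` and `ALLOW_ENCODED_SLASH` system properties. The point of `bypasses_deny_rule` is that a path-based access rule is only as strong as the delimiter handling that feeds it: `/app/..%2fWEB-INF/web.xml` does not start with `/WEB-INF/` as received, but a server that decodes the slash and then normalizes serves exactly that file.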