800-53|SI-11

Title

ERROR HANDLING

Description

The information system:

Supplemental

Organizations carefully consider the structure/content of error messages. The extent to which information systems are able to identify and handle error conditions is guided by organizational policy and operational requirements. Information that could be exploited by adversaries includes, for example, erroneous logon attempts with passwords entered by mistake as the username, mission/business information that can be derived from (if not stated explicitly by) information recorded, and personal information such as account numbers, social security numbers, and credit card numbers. In addition, error messages may provide a covert channel for transmitting information.

Reference Item Details

Related: AU-2,AU-3,SC-31

Category: SYSTEM AND INFORMATION INTEGRITY

Family: SYSTEM AND INFORMATION INTEGRITY

Priority: P2

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.13.2.1.4 Ensure 'Promote Level 2 errors as errors, not warnings' is set to DisabledWindowsCIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.2.1.4 Ensure 'Promote Level 2 errors as errors, not warnings' is set to DisabledWindowsCIS Microsoft Office Outlook 2013 v1.1.0 Level 1
2.5.14.2.1.4 Ensure 'Promote Level 2 errors as errors, not warnings' is set to 'Disabled'WindowsCIS Microsoft Office Enterprise v1.2.0 L1
2.6 Turn off TRACE (check server.xml)UnixCIS Apache Tomcat 7 L1 v1.1.0
2.6 Turn off TRACE (check server.xml)UnixCIS Apache Tomcat 7 L1 v1.1.0 Middleware
2.6 Turn off TRACE (check web.xml config files)UnixCIS Apache Tomcat 7 L1 v1.1.0
2.6 Turn off TRACE (check web.xml config files)UnixCIS Apache Tomcat 7 L1 v1.1.0 Middleware
2.14 Set 'Promote Level 2 errors as errors, not warnings' to 'Disabled'WindowsCIS MS Office Outlook 2010 v1.0.0
Big Sur - Configure Apple System Log Files Owned by Root and Group to WheelUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Configure Apple System Log Files Owned by Root and Group to WheelUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Configure Apple System Log Files Owned by Root and Group to WheelUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Configure Apple System Log Files To Mode 640 or Less PermissiveUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Configure Apple System Log Files To Mode 640 or Less PermissiveUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Configure Apple System Log Files To Mode 640 or Less PermissiveUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Configure Audit Log Files to Not Contain Access Control ListsUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Configure Audit Log Files to Not Contain Access Control ListsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Configure Audit Log Files to Not Contain Access Control ListsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Configure Audit Log Files to Not Contain Access Control ListsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Configure Audit Log Files to Not Contain Access Control ListsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Configure Audit Log Files to Not Contain Access Control ListsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Configure Audit Log Files to Not Contain Access Control ListsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Configure Audit Log Files to Not Contain Access Control ListsUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Configure Audit Log Files to Not Contain Access Control ListsUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Configure System Log Files Owned by Root and Group to WheelUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Configure System Log Files Owned by Root and Group to WheelUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Configure System Log Files Owned by Root and Group to WheelUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Configure System Log Files to Mode 640 or Less PermissiveUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Configure System Log Files to Mode 640 or Less PermissiveUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Configure System Log Files to Mode 640 or Less PermissiveUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Disable Sending Diagnostic and Usage Data to AppleUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Disable Sending Diagnostic and Usage Data to AppleUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Disable Sending Diagnostic and Usage Data to AppleUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Disable Sending Diagnostic and Usage Data to AppleUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Disable Sending Diagnostic and Usage Data to AppleUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Disable Sending Diagnostic and Usage Data to AppleUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Disable Sending Diagnostic and Usage Data to AppleUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Disable Sending Diagnostic and Usage Data to AppleUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Disable Sending Diagnostic and Usage Data to AppleUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Catalina - Configure Apple System Log Files Owned by Root and Group to WheelUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Configure Apple System Log Files Owned by Root and Group to WheelUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Configure Apple System Log Files Owned by Root and Group to WheelUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Configure Apple System Log Files To Mode 640 or Less PermissiveUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Configure Apple System Log Files To Mode 640 or Less PermissiveUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Configure Apple System Log Files To Mode 640 or Less PermissiveUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Configure Audit Log Files to Not Contain Access Control ListsUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Configure Audit Log Files to Not Contain Access Control ListsUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Configure Audit Log Files to Not Contain Access Control ListsUnixNIST macOS Catalina v1.5.0 - 800-171
Catalina - Configure Audit Log Files to Not Contain Access Control ListsUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Configure Audit Log Files to Not Contain Access Control ListsUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Configure Audit Log Files to Not Contain Access Control ListsUnixNIST macOS Catalina v1.5.0 - 800-53r4 Low