Detections
Analytics

800-53|SI-11a.

Title

ERROR HANDLING

Description

Generates error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries; and

Reference Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

Family: SYSTEM AND INFORMATION INTEGRITY

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
3.2 Ensure 'debug' is turned offWindowsCIS IIS 8.0 v1.5.1 Level 2
3.2 Ensure 'debug' is turned off - ApplicationsWindowsCIS IIS 7 L2 v1.8.0
3.2 Ensure 'debug' is turned off - DefaultWindowsCIS IIS 7 L2 v1.8.0
3.3 Ensure custom error messages are not offWindowsCIS IIS 8.0 v1.5.1 Level 2
3.3 Ensure Custom Error Messages are not Off - ApplicationsWindowsCIS IIS 7 L2 v1.8.0
3.3 Ensure Custom Error Messages are not Off - DefaultWindowsCIS IIS 7 L2 v1.8.0
3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotelyWindowsCIS IIS 8.0 v1.5.1 Level 1
3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely - ApplicationsWindowsCIS IIS 7 L1 v1.8.0
3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely - DefaultWindowsCIS IIS 7 L1 v1.8.0
3.5 Ensure ASP.NET stack tracing is not enabled - ApplicationsWindowsCIS IIS 7 L2 v1.8.0
3.5 Ensure ASP.NET stack tracing is not enabled - DefaultWindowsCIS IIS 7 L2 v1.8.0
7.3 Ensure compilation or scripting of database pages via the PageParserPaths elements is not allowedWindowsCIS Microsoft SharePoint 2016 OS v1.1.0
7.3 Ensure compilation or scripting of database pages via the PageParserPaths elements is not allowedWindowsCIS Microsoft SharePoint 2019 OS v1.0.0
7.4 Ensure the SharePoint CallStack and AllowPageLevelTrace 'SafeMode' parameters are set to false - AllowPageLevelTraceWindowsCIS Microsoft SharePoint 2019 OS v1.0.0
7.4 Ensure the SharePoint CallStack and AllowPageLevelTrace 'SafeMode' parameters are set to false - AllowPageLevelTraceWindowsCIS Microsoft SharePoint 2016 OS v1.1.0
7.4 Ensure the SharePoint CallStack and AllowPageLevelTrace 'SafeMode' parameters are set to false - CallStackWindowsCIS Microsoft SharePoint 2016 OS v1.1.0
7.4 Ensure the SharePoint CallStack and AllowPageLevelTrace 'SafeMode' parameters are set to false - CallStackWindowsCIS Microsoft SharePoint 2019 OS v1.0.0
12 - AutoSupport - Remove Private DataNetapp_APINetApp Security Hardening Guide for ONTAP 9 v1.7.0
13 - Disable stacktrace in response bodyUnixTNS Best Practice JBoss 7 Linux
18.8.22.1.3 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 2 v3.2.0
18.8.22.1.3 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.8.22.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.8.22.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 2 v3.2.0
APPL-14-002021 - The macOS system must disable sending diagnostic and usage data to Apple.UnixDISA Apple macOS 14 (Sonoma) STIG v1r2
APPL-14-004001 - The macOS system must configure Apple System Log files to be owned by root and group to wheel.UnixDISA Apple macOS 14 (Sonoma) STIG v1r2
APPL-14-004002 - The macOS system must configure Apple System Log files to mode 640 or less permissive.UnixDISA Apple macOS 14 (Sonoma) STIG v1r2
APPL-14-004030 - The macOS system must configure system log files to be owned by root and group to wheel.UnixDISA Apple macOS 14 (Sonoma) STIG v1r2
APPL-14-004040 - The macOS system must configure system log files to mode 640 or less permissive.UnixDISA Apple macOS 14 (Sonoma) STIG v1r2
AS24-U1-000620 - Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths.UnixDISA STIG Apache Server 2.4 Unix Server v2r7
AS24-U1-000620 - Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths.UnixDISA STIG Apache Server 2.4 Unix Server v2r7 Middleware
AS24-U1-000630 - Debugging and trace information used to diagnose the Apache web server must be disabledUnixDISA STIG Apache Server 2.4 Unix Server v2r7
AS24-U1-000630 - Debugging and trace information used to diagnose the Apache web server must be disabled - LogLevelUnixDISA STIG Apache Server 2.4 Unix Server v2r7 Middleware
AS24-U1-000630 - Debugging and trace information used to diagnose the Apache web server must be disabled - TraceEnableUnixDISA STIG Apache Server 2.4 Unix Server v2r7 Middleware
AS24-U2-000620 - The Apache web server must display a default hosted application web page, not a directory listing, when a requested web page cannot be found.UnixDISA STIG Apache Server 2.4 Unix Site v2r4 Middleware
AS24-U2-000620 - The Apache web server must display a default hosted application web page, not a directory listing, when a requested web page cannot be found.UnixDISA STIG Apache Server 2.4 Unix Site v2r4
AS24-U2-000630 - Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths.UnixDISA STIG Apache Server 2.4 Unix Site v2r4 Middleware
AS24-U2-000630 - Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths.UnixDISA STIG Apache Server 2.4 Unix Site v2r4
AS24-U2-000640 - Debugging and trace information used to diagnose the Apache web server must be disabled.UnixDISA STIG Apache Server 2.4 Unix Site v2r4 Middleware
AS24-U2-000640 - Debugging and trace information used to diagnose the Apache web server must be disabled.UnixDISA STIG Apache Server 2.4 Unix Site v2r4
AS24-W1-000620 - Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths.WindowsDISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000630 - Debugging and trace information used to diagnose the Apache web server must be disabled.WindowsDISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W2-000610 - The Apache web server must display a default hosted application web page, not a directory listing, when a requested web page cannot be found.WindowsDISA STIG Apache Server 2.4 Windows Site v2r1
AS24-W2-000620 - Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths.WindowsDISA STIG Apache Server 2.4 Windows Site v2r1
AS24-W2-000630 - Debugging and trace information used to diagnose the Apache web server must be disabled.WindowsDISA STIG Apache Server 2.4 Windows Site v2r1
Big Sur - Generate Error Messages without Exploitable InformationUnixNIST macOS Big Sur v1.4.0 - All Profiles
Catalina - Generate Error Messages without Exploitable InformationUnixNIST macOS Catalina v1.5.0 - All Profiles
DB2X-00-006200 - DB2 must provide non-privileged users with error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.IBM_DB2DBDISA STIG IBM DB2 v10.5 LUW v2r1 Database
DTBC-0068 - Chrome development tools must be disabled.WindowsDISA STIG Google Chrome v2r9
DTBI1135-IE11 - Internet Explorer Development Tools Must Be Disabled.WindowsDISA STIG IE 11 v2r5
EP11-00-006500 - The EDB Postgres Advanced Server must provide non-privileged users with error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.PostgreSQLDBEDB PostgreSQL Advanced Server v11 DB Audit v2r3