800-53|SI-11a.

Title

ERROR HANDLING

Description

Generates error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries; and

Reference Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

Family: SYSTEM AND INFORMATION INTEGRITY

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
3.2 Ensure 'debug' is turned offWindowsCIS IIS 8.0 v1.5.1 Level 2
3.2 Ensure 'debug' is turned off - ApplicationsWindowsCIS IIS 7 L2 v1.8.0
3.2 Ensure 'debug' is turned off - DefaultWindowsCIS IIS 7 L2 v1.8.0
3.3 Ensure custom error messages are not offWindowsCIS IIS 8.0 v1.5.1 Level 2
3.3 Ensure Custom Error Messages are not Off - ApplicationsWindowsCIS IIS 7 L2 v1.8.0
3.3 Ensure Custom Error Messages are not Off - DefaultWindowsCIS IIS 7 L2 v1.8.0
3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotelyWindowsCIS IIS 8.0 v1.5.1 Level 1
3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely - ApplicationsWindowsCIS IIS 7 L1 v1.8.0
3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely - DefaultWindowsCIS IIS 7 L1 v1.8.0
3.5 Ensure ASP.NET stack tracing is not enabled - ApplicationsWindowsCIS IIS 7 L2 v1.8.0
3.5 Ensure ASP.NET stack tracing is not enabled - DefaultWindowsCIS IIS 7 L2 v1.8.0
7.3 Ensure compilation or scripting of database pages via the PageParserPaths elements is not allowedWindowsCIS Microsoft SharePoint 2016 OS v1.1.0
7.3 Ensure compilation or scripting of database pages via the PageParserPaths elements is not allowedWindowsCIS Microsoft SharePoint 2019 OS v1.0.0
7.4 Ensure the SharePoint CallStack and AllowPageLevelTrace 'SafeMode' parameters are set to false - AllowPageLevelTraceWindowsCIS Microsoft SharePoint 2019 OS v1.0.0
7.4 Ensure the SharePoint CallStack and AllowPageLevelTrace 'SafeMode' parameters are set to false - AllowPageLevelTraceWindowsCIS Microsoft SharePoint 2016 OS v1.1.0
7.4 Ensure the SharePoint CallStack and AllowPageLevelTrace 'SafeMode' parameters are set to false - CallStackWindowsCIS Microsoft SharePoint 2016 OS v1.1.0
7.4 Ensure the SharePoint CallStack and AllowPageLevelTrace 'SafeMode' parameters are set to false - CallStackWindowsCIS Microsoft SharePoint 2019 OS v1.0.0
12 - AutoSupport - Remove Private DataNetapp_APINetApp Security Hardening Guide for ONTAP 9 v1.7.0
13 - Disable stacktrace in response bodyUnixTNS Best Practice JBoss 7 Linux
18.8.22.1.3 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 2 v3.2.0
18.8.22.1.3 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.8.22.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.8.22.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 2 v3.2.0
APPL-14-002021 - The macOS system must disable sending diagnostic and usage data to Apple.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-004001 - The macOS system must configure Apple System Log files to be owned by root and group to wheel.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-004002 - The macOS system must configure Apple System Log files to mode 640 or less permissive.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-004030 - The macOS system must configure system log files to be owned by root and group to wheel.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-004040 - The macOS system must configure system log files to mode 640 or less permissive.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-15-002021 - The macOS system must disable sending diagnostic and usage data to Apple.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-004001 - The macOS system must configure Apple System Log (ASL) files owned by root and group to wheel.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-004002 - The macOS system must configure Apple System Log (ASL) files to mode 640 or less permissive.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-004030 - The macOS system must configure system log files owned by root and group to wheel.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-004040 - The macOS system must configure system log files to mode 640 or less permissive.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
AS24-U1-000620 - Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths.UnixDISA STIG Apache Server 2.4 Unix Server v3r1
AS24-U1-000620 - Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths.UnixDISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-U1-000630 - Debugging and trace information used to diagnose the Apache web server must be disabled - LogLevelUnixDISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-U1-000630 - Debugging and trace information used to diagnose the Apache web server must be disabled - TraceEnableUnixDISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-U1-000630 - Debugging and trace information used to diagnose the Apache web server must be disabled.UnixDISA STIG Apache Server 2.4 Unix Server v3r1
AS24-U2-000620 - The Apache web server must display a default hosted application web page, not a directory listing, when a requested web page cannot be found.UnixDISA STIG Apache Server 2.4 Unix Site v2r4
AS24-U2-000620 - The Apache web server must display a default hosted application web page, not a directory listing, when a requested web page cannot be found.UnixDISA STIG Apache Server 2.4 Unix Site v2r4 Middleware
AS24-U2-000630 - Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths.UnixDISA STIG Apache Server 2.4 Unix Site v2r4
AS24-U2-000630 - Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths.UnixDISA STIG Apache Server 2.4 Unix Site v2r4 Middleware
AS24-U2-000640 - Debugging and trace information used to diagnose the Apache web server must be disabled.UnixDISA STIG Apache Server 2.4 Unix Site v2r4
AS24-U2-000640 - Debugging and trace information used to diagnose the Apache web server must be disabled.UnixDISA STIG Apache Server 2.4 Unix Site v2r4 Middleware
AS24-W1-000620 - Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths.WindowsDISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000620 - Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths.WindowsDISA STIG Apache Server 2.4 Windows Server v3r1
AS24-W1-000630 - Debugging and trace information used to diagnose the Apache web server must be disabled.WindowsDISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000630 - Debugging and trace information used to diagnose the Apache web server must be disabled.WindowsDISA STIG Apache Server 2.4 Windows Server v3r1
AS24-W2-000610 - The Apache web server must display a default hosted application web page, not a directory listing, when a requested web page cannot be found.WindowsDISA STIG Apache Server 2.4 Windows Site v2r1
AS24-W2-000620 - Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths.WindowsDISA STIG Apache Server 2.4 Windows Site v2r1