800-53|SI-11a.

Title

ERROR HANDLING

Description

Generates error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries; and

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: SYSTEM AND INFORMATION INTEGRITY

Family: SYSTEM AND INFORMATION INTEGRITY

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
3.2 Ensure 'debug' is turned off	Windows	CIS IIS 8.0 v1.5.1 Level 2
3.2 Ensure 'debug' is turned off - Applications	Windows	CIS IIS 7 L2 v1.8.0
3.2 Ensure 'debug' is turned off - Default	Windows	CIS IIS 7 L2 v1.8.0
3.3 Ensure custom error messages are not off	Windows	CIS IIS 8.0 v1.5.1 Level 2
3.3 Ensure Custom Error Messages are not Off - Applications	Windows	CIS IIS 7 L2 v1.8.0
3.3 Ensure Custom Error Messages are not Off - Default	Windows	CIS IIS 7 L2 v1.8.0
3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely	Windows	CIS IIS 8.0 v1.5.1 Level 1
3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely - Applications	Windows	CIS IIS 7 L1 v1.8.0
3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely - Default	Windows	CIS IIS 7 L1 v1.8.0
3.5 Ensure ASP.NET stack tracing is not enabled - Applications	Windows	CIS IIS 7 L2 v1.8.0
3.5 Ensure ASP.NET stack tracing is not enabled - Default	Windows	CIS IIS 7 L2 v1.8.0
7.3 Ensure compilation or scripting of database pages via the PageParserPaths elements is not allowed	Windows	CIS Microsoft SharePoint 2016 OS v1.1.0
7.3 Ensure compilation or scripting of database pages via the PageParserPaths elements is not allowed	Windows	CIS Microsoft SharePoint 2019 OS v1.0.0
7.4 Ensure the SharePoint CallStack and AllowPageLevelTrace 'SafeMode' parameters are set to false - AllowPageLevelTrace	Windows	CIS Microsoft SharePoint 2019 OS v1.0.0
7.4 Ensure the SharePoint CallStack and AllowPageLevelTrace 'SafeMode' parameters are set to false - AllowPageLevelTrace	Windows	CIS Microsoft SharePoint 2016 OS v1.1.0
7.4 Ensure the SharePoint CallStack and AllowPageLevelTrace 'SafeMode' parameters are set to false - CallStack	Windows	CIS Microsoft SharePoint 2016 OS v1.1.0
7.4 Ensure the SharePoint CallStack and AllowPageLevelTrace 'SafeMode' parameters are set to false - CallStack	Windows	CIS Microsoft SharePoint 2019 OS v1.0.0
12 - AutoSupport - Remove Private Data	Netapp_API	NetApp Security Hardening Guide for ONTAP 9 v1.7.0
13 - Disable stacktrace in response body	Unix	TNS Best Practice JBoss 7 Linux
18.8.22.1.3 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Level 2 v3.2.0
18.8.22.1.3 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.8.22.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.8.22.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Level 2 v3.2.0
APPL-14-002021 - The macOS system must disable sending diagnostic and usage data to Apple.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r1
APPL-14-004001 - The macOS system must configure Apple System Log files to be owned by root and group to wheel.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r1
APPL-14-004002 - The macOS system must configure Apple System Log files to mode 640 or less permissive.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r1
APPL-14-004030 - The macOS system must configure system log files to be owned by root and group to wheel.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r1
APPL-14-004040 - The macOS system must configure system log files to mode 640 or less permissive.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r1
APPL-15-002021 - The macOS system must disable sending diagnostic and usage data to Apple.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-004001 - The macOS system must configure Apple System Log (ASL) files owned by root and group to wheel.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-004002 - The macOS system must configure Apple System Log (ASL) files to mode 640 or less permissive.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-004030 - The macOS system must configure system log files owned by root and group to wheel.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-004040 - The macOS system must configure system log files to mode 640 or less permissive.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r1
AS24-U1-000620 - Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths.	Unix	DISA STIG Apache Server 2.4 Unix Server v3r1
AS24-U1-000620 - Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths.	Unix	DISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-U1-000630 - Debugging and trace information used to diagnose the Apache web server must be disabled - LogLevel	Unix	DISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-U1-000630 - Debugging and trace information used to diagnose the Apache web server must be disabled - TraceEnable	Unix	DISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-U1-000630 - Debugging and trace information used to diagnose the Apache web server must be disabled.	Unix	DISA STIG Apache Server 2.4 Unix Server v3r1
AS24-U2-000620 - The Apache web server must display a default hosted application web page, not a directory listing, when a requested web page cannot be found.	Unix	DISA STIG Apache Server 2.4 Unix Site v2r4
AS24-U2-000620 - The Apache web server must display a default hosted application web page, not a directory listing, when a requested web page cannot be found.	Unix	DISA STIG Apache Server 2.4 Unix Site v2r4 Middleware
AS24-U2-000630 - Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths.	Unix	DISA STIG Apache Server 2.4 Unix Site v2r4
AS24-U2-000630 - Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths.	Unix	DISA STIG Apache Server 2.4 Unix Site v2r4 Middleware
AS24-U2-000640 - Debugging and trace information used to diagnose the Apache web server must be disabled.	Unix	DISA STIG Apache Server 2.4 Unix Site v2r4
AS24-U2-000640 - Debugging and trace information used to diagnose the Apache web server must be disabled.	Unix	DISA STIG Apache Server 2.4 Unix Site v2r4 Middleware
AS24-W1-000620 - Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths.	Windows	DISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000620 - Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths.	Windows	DISA STIG Apache Server 2.4 Windows Server v3r1
AS24-W1-000630 - Debugging and trace information used to diagnose the Apache web server must be disabled.	Windows	DISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000630 - Debugging and trace information used to diagnose the Apache web server must be disabled.	Windows	DISA STIG Apache Server 2.4 Windows Server v3r1
AS24-W2-000610 - The Apache web server must display a default hosted application web page, not a directory listing, when a requested web page cannot be found.	Windows	DISA STIG Apache Server 2.4 Windows Site v2r1
AS24-W2-000620 - Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths.	Windows	DISA STIG Apache Server 2.4 Windows Site v2r1

Detections

Analytics

800-53|SI-11a.

Title

Description

Reference Item Details

Audit Items