800-53|SI-10(3)

Title

PREDICTABLE BEHAVIOR

Description

The information system behaves in a predictable and documented manner that reflects organizational and system objectives when invalid inputs are received.

Supplemental

A common vulnerability in organizational information systems is unpredictable behavior when invalid inputs are received. This control enhancement ensures that there is predictable behavior in the face of invalid inputs by specifying information system responses that facilitate transitioning the system to known states without adverse, unintended side effects.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: SYSTEM AND INFORMATION INTEGRITY

Parent Title: INFORMATION INPUT VALIDATION

Family: SYSTEM AND INFORMATION INTEGRITY

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.8.1.2 Ensure 'Custom Markup Warning' is set to Enabled	Windows	CIS Microsoft Office Word 2016 v1.1.0
1.8.1.2 Ensure 'Custom Markup Warning' is set to Enabled	Windows	CIS Microsoft Office Word 2013 v1.1.0
10.19 Setting Security Lifecycle Listener (check for config component)	Unix	CIS Apache Tomcat 7 L1 v1.1.0
10.19 Setting Security Lifecycle Listener (check for config component)	Unix	CIS Apache Tomcat 7 L1 v1.1.0 Middleware
Big Sur - Must behave in predictable and documented manner	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
BIND-9X-001060 - A BIND 9.x caching name server must implement DNSSEC validation to check all DNS queries for invalid input - dnssec-enable	Unix	DISA BIND 9.x STIG v2r2
BIND-9X-001060 - A BIND 9.x caching name server must implement DNSSEC validation to check all DNS queries for invalid input - dnssec-validation	Unix	DISA BIND 9.x STIG v2r2
BIND-9X-001060 - A BIND 9.x caching name server must implement DNSSEC validation to check all DNS queries for invalid input - managed-keys	Unix	DISA BIND 9.x STIG v2r2
Catalina - Must behave in predictable and documented manner	Unix	NIST macOS Catalina v1.5.0 - All Profiles
DB2X-00-009300 - When invalid inputs are received, DB2 must behave in a predictable and documented manner that reflects organizational and system objectives.	IBM_DB2DB	DISA STIG IBM DB2 v10.5 LUW v2r1 Database
DKER-EE-001080 - The audit log configuration level must be set to request in the Universal Control Plane (UCP) component of Docker Enterprise.	Unix	DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
DKER-EE-001090 - The host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set - docker paths	Unix	DISA STIG Docker Enterprise 2.x Linux/Unix v2r1
DKER-EE-001090 - The host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set - docker services	Unix	DISA STIG Docker Enterprise 2.x Linux/Unix v2r1
EP11-00-009700 - When invalid inputs are received, the EDB Postgres Advanced Server must behave in a predictable and documented manner that reflects organizational and system objectives.	PostgreSQLDB	EDB PostgreSQL Advanced Server v11 DB Audit v2r2
F5BI-AF-000229 - The BIG-IP AFM module must be configured to handle invalid inputs in a predictable and documented manner that reflects organizational and system objectives.	F5	DISA F5 BIG-IP Advanced Firewall Manager STIG v2r1
F5BI-AP-000229 - The BIG-IP APM module must be configured to handle invalid inputs in a predictable and documented manner that reflects organizational and system objectives.	F5	DISA F5 BIG-IP Access Policy Manager STIG v2r3
F5BI-AS-000229 - The BIG-IP ASM module must be configured to handle invalid inputs in a predictable and documented manner that reflects organizational and system objectives.	F5	DISA F5 BIG-IP Application Security Manager STIG v2r1
F5BI-LT-000229 - The BIG-IP Core implementation must be configured to handle invalid inputs in a predictable and documented manner that reflects organizational and system objectives.	F5	DISA F5 BIG-IP Local Traffic Manager STIG v2r3
MADB-10-009100 - When invalid inputs are received, MariaDB must behave in a predictable and documented manner that reflects organizational and system objectives.	MySQLDB	DISA MariaDB Enterprise 10.x v1r2 DB
MD3X-00-000780 - When invalid inputs are received, MongoDB must behave in a predictable and documented manner that reflects organizational and system objectives.	MongoDB	DISA STIG MongoDB Enterprise Advanced 3.x v2r1 DB
MD4X-00-006200 - When invalid inputs are received, MongoDB must behave in a predictable and documented manner that reflects organizational and system objectives.	MongoDB	DISA STIG MongoDB Enterprise Advanced 4.x v1r2 DB
Monterey - Must behave in predictable and documented manner	Unix	NIST macOS Monterey v1.0.0 - All Profiles
MYS8-00-012500 - When invalid inputs are received, the MySQL Database Server 8.0 must behave in a predictable and documented manner that reflects organizational and system objectives.	MySQLDB	DISA Oracle MySQL 8.0 v1r4 DB
PGS9-00-003700 - When invalid inputs are received, PostgreSQL must behave in a predictable and documented manner that reflects organizational and system objectives.	PostgreSQLDB	DISA STIG PostgreSQL 9.x on RHEL DB v2r3
PPS9-00-009700 - When invalid inputs are received, the EDB Postgres Advanced Server must behave in a predictable and documented manner that reflects organizational and system objectives.	PostgreSQLDB	EDB PostgreSQL Advanced Server DB Audit v2r2
SQL4-00-035200 - When invalid inputs are received, SQL Server must behave in a predictable and documented manner that reflects organizational and system objectives.	MS_SQLDB	DISA STIG SQL Server 2014 Database Audit v1r6
VCPG-67-000024 - VMware Postgres must set client-side character encoding to UTF-8.	Unix	DISA STIG VMware vSphere 6.7 PostgreSQL v1r2
WDNS-SI-000002 - The Windows 2012 DNS Server must follow procedures to re-role a secondary name server as the master name server should the master name server permanently lose functionality.	Windows	DISA Microsoft Windows 2012 Server DNS STIG v2r5

Detections

Analytics