800-53|SI-11

Title

ERROR HANDLING

Description

The information system:

Supplemental

Organizations carefully consider the structure/content of error messages. The extent to which information systems are able to identify and handle error conditions is guided by organizational policy and operational requirements. Information that could be exploited by adversaries includes, for example, erroneous logon attempts with passwords entered by mistake as the username, mission/business information that can be derived from (if not stated explicitly by) information recorded, and personal information such as account numbers, social security numbers, and credit card numbers. In addition, error messages may provide a covert channel for transmitting information.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: AU-2,AU-3,SC-31

Category: SYSTEM AND INFORMATION INTEGRITY

Family: SYSTEM AND INFORMATION INTEGRITY

Priority: P2

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.13.2.1.4 Ensure 'Promote Level 2 errors as errors, not warnings' is set to Disabled	Windows	CIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.2.1.4 Ensure 'Promote Level 2 errors as errors, not warnings' is set to Disabled	Windows	CIS Microsoft Office Outlook 2016 v1.1.0 Level 1
2.5.14.2.1.4 Ensure 'Promote Level 2 errors as errors, not warnings' is set to 'Disabled'	Windows	CIS Microsoft Office Enterprise v1.1.0 L1
2.6 Turn off TRACE (check server.xml)	Unix	CIS Apache Tomcat 7 L1 v1.1.0
2.6 Turn off TRACE (check server.xml)	Unix	CIS Apache Tomcat 7 L1 v1.1.0 Middleware
2.6 Turn off TRACE (check web.xml config files)	Unix	CIS Apache Tomcat 7 L1 v1.1.0
2.6 Turn off TRACE (check web.xml config files)	Unix	CIS Apache Tomcat 7 L1 v1.1.0 Middleware
2.14 Set 'Promote Level 2 errors as errors, not warnings' to 'Disabled'	Windows	CIS MS Office Outlook 2010 v1.0.0
Big Sur - Configure Apple System Log Files Owned by Root and Group to Wheel	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Configure Apple System Log Files Owned by Root and Group to Wheel	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Configure Apple System Log Files Owned by Root and Group to Wheel	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Configure Apple System Log Files To Mode 640 or Less Permissive	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Configure Apple System Log Files To Mode 640 or Less Permissive	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Configure Apple System Log Files To Mode 640 or Less Permissive	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Configure Audit Log Files to Not Contain Access Control Lists	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Configure Audit Log Files to Not Contain Access Control Lists	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Configure Audit Log Files to Not Contain Access Control Lists	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Configure Audit Log Files to Not Contain Access Control Lists	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Configure Audit Log Files to Not Contain Access Control Lists	Unix	NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Configure Audit Log Files to Not Contain Access Control Lists	Unix	NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Configure Audit Log Files to Not Contain Access Control Lists	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Configure Audit Log Files to Not Contain Access Control Lists	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Configure Audit Log Files to Not Contain Access Control Lists	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Configure System Log Files Owned by Root and Group to Wheel	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Configure System Log Files Owned by Root and Group to Wheel	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Configure System Log Files Owned by Root and Group to Wheel	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Configure System Log Files to Mode 640 or Less Permissive	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Configure System Log Files to Mode 640 or Less Permissive	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Configure System Log Files to Mode 640 or Less Permissive	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Disable Sending Diagnostic and Usage Data to Apple	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Disable Sending Diagnostic and Usage Data to Apple	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Disable Sending Diagnostic and Usage Data to Apple	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Disable Sending Diagnostic and Usage Data to Apple	Unix	NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Disable Sending Diagnostic and Usage Data to Apple	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Disable Sending Diagnostic and Usage Data to Apple	Unix	NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Disable Sending Diagnostic and Usage Data to Apple	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Disable Sending Diagnostic and Usage Data to Apple	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Disable Sending Diagnostic and Usage Data to Apple	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Catalina - Configure Apple System Log Files Owned by Root and Group to Wheel	Unix	NIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Configure Apple System Log Files Owned by Root and Group to Wheel	Unix	NIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Configure Apple System Log Files Owned by Root and Group to Wheel	Unix	NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Configure Apple System Log Files To Mode 640 or Less Permissive	Unix	NIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Configure Apple System Log Files To Mode 640 or Less Permissive	Unix	NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Configure Apple System Log Files To Mode 640 or Less Permissive	Unix	NIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Configure Audit Log Files to Not Contain Access Control Lists	Unix	NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Configure Audit Log Files to Not Contain Access Control Lists	Unix	NIST macOS Catalina v1.5.0 - 800-53r5 Low
Catalina - Configure Audit Log Files to Not Contain Access Control Lists	Unix	NIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Configure Audit Log Files to Not Contain Access Control Lists	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Configure Audit Log Files to Not Contain Access Control Lists	Unix	NIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Configure Audit Log Files to Not Contain Access Control Lists	Unix	NIST macOS Catalina v1.5.0 - 800-171

Detections

Analytics