800-53|SI-11a.

Title

ERROR HANDLING

Description

Generates error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries; and

Reference Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

Family: SYSTEM AND INFORMATION INTEGRITY

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
3.2 Ensure 'debug' is turned offWindowsCIS IIS 8.0 v1.5.1 Level 2
3.2 Ensure 'debug' is turned off - ApplicationsWindowsCIS IIS 7 L2 v1.8.0
3.2 Ensure 'debug' is turned off - DefaultWindowsCIS IIS 7 L2 v1.8.0
3.3 Ensure custom error messages are not offWindowsCIS IIS 8.0 v1.5.1 Level 2
3.3 Ensure Custom Error Messages are not Off - ApplicationsWindowsCIS IIS 7 L2 v1.8.0
3.3 Ensure Custom Error Messages are not Off - DefaultWindowsCIS IIS 7 L2 v1.8.0
3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotelyWindowsCIS IIS 8.0 v1.5.1 Level 1
3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely - ApplicationsWindowsCIS IIS 7 L1 v1.8.0
3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely - DefaultWindowsCIS IIS 7 L1 v1.8.0
3.5 Ensure ASP.NET stack tracing is not enabled - ApplicationsWindowsCIS IIS 7 L2 v1.8.0
3.5 Ensure ASP.NET stack tracing is not enabled - DefaultWindowsCIS IIS 7 L2 v1.8.0
7.3 Ensure compilation or scripting of database pages via the PageParserPaths elements is not allowedWindowsCIS Microsoft SharePoint 2019 OS v1.0.0
7.3 Ensure compilation or scripting of database pages via the PageParserPaths elements is not allowedWindowsCIS Microsoft SharePoint 2016 OS v1.1.0
7.4 Ensure the SharePoint CallStack and AllowPageLevelTrace 'SafeMode' parameters are set to false - AllowPageLevelTraceWindowsCIS Microsoft SharePoint 2019 OS v1.0.0
7.4 Ensure the SharePoint CallStack and AllowPageLevelTrace 'SafeMode' parameters are set to false - AllowPageLevelTraceWindowsCIS Microsoft SharePoint 2016 OS v1.1.0
7.4 Ensure the SharePoint CallStack and AllowPageLevelTrace 'SafeMode' parameters are set to false - CallStackWindowsCIS Microsoft SharePoint 2019 OS v1.0.0
7.4 Ensure the SharePoint CallStack and AllowPageLevelTrace 'SafeMode' parameters are set to false - CallStackWindowsCIS Microsoft SharePoint 2016 OS v1.1.0
12 - AutoSupport - Remove Private DataNetapp_APINetApp Security Hardening Guide for ONTAP 9 v1.7.0
13 - Disable stacktrace in response bodyUnixTNS Best Practice JBoss 7 Linux
18.8.22.1.3 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.8.22.1.3 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 2 v3.2.0
18.8.22.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.8.22.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 2 v3.2.0
AS24-U1-000620 - Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths.UnixDISA STIG Apache Server 2.4 Unix Server v2r6 Middleware
AS24-U1-000620 - Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths.UnixDISA STIG Apache Server 2.4 Unix Server v2r6
AS24-U1-000630 - Debugging and trace information used to diagnose the Apache web server must be disabled - LogLevelUnixDISA STIG Apache Server 2.4 Unix Server v2r6 Middleware
AS24-U1-000630 - Debugging and trace information used to diagnose the Apache web server must be disabled - LogLevelUnixDISA STIG Apache Server 2.4 Unix Server v2r6
AS24-U1-000630 - Debugging and trace information used to diagnose the Apache web server must be disabled - TraceEnableUnixDISA STIG Apache Server 2.4 Unix Server v2r6 Middleware
AS24-U1-000630 - Debugging and trace information used to diagnose the Apache web server must be disabled - TraceEnableUnixDISA STIG Apache Server 2.4 Unix Server v2r6
AS24-U2-000620 - The Apache web server must display a default hosted application web page, not a directory listing, when a requested web page cannot be found.UnixDISA STIG Apache Server 2.4 Unix Site v2r4
AS24-U2-000620 - The Apache web server must display a default hosted application web page, not a directory listing, when a requested web page cannot be found.UnixDISA STIG Apache Server 2.4 Unix Site v2r4 Middleware
AS24-U2-000630 - Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths.UnixDISA STIG Apache Server 2.4 Unix Site v2r4
AS24-U2-000630 - Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths.UnixDISA STIG Apache Server 2.4 Unix Site v2r4 Middleware
AS24-U2-000640 - Debugging and trace information used to diagnose the Apache web server must be disabled.UnixDISA STIG Apache Server 2.4 Unix Site v2r4
AS24-U2-000640 - Debugging and trace information used to diagnose the Apache web server must be disabled.UnixDISA STIG Apache Server 2.4 Unix Site v2r4 Middleware
AS24-W1-000620 - Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths.WindowsDISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000630 - Debugging and trace information used to diagnose the Apache web server must be disabled.WindowsDISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W2-000610 - The Apache web server must display a default hosted application web page, not a directory listing, when a requested web page cannot be found.WindowsDISA STIG Apache Server 2.4 Windows Site v2r1
AS24-W2-000620 - Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths.WindowsDISA STIG Apache Server 2.4 Windows Site v2r1
AS24-W2-000630 - Debugging and trace information used to diagnose the Apache web server must be disabled.WindowsDISA STIG Apache Server 2.4 Windows Site v2r1
Big Sur - Generate Error Messages without Exploitable InformationUnixNIST macOS Big Sur v1.4.0 - All Profiles
Catalina - Generate Error Messages without Exploitable InformationUnixNIST macOS Catalina v1.5.0 - All Profiles
DB2X-00-006200 - DB2 must provide non-privileged users with error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.IBM_DB2DBDISA STIG IBM DB2 v10.5 LUW v2r1 Database
DTBC-0068 - Chrome development tools must be disabled.WindowsDISA STIG Google Chrome v2r8
DTBI1135-IE11 - Internet Explorer Development Tools Must Be Disabled.WindowsDISA STIG IE 11 v2r4
EP11-00-006500 - The EDB Postgres Advanced Server must provide non-privileged users with error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.PostgreSQLDBEDB PostgreSQL Advanced Server v11 DB Audit v2r2
FFOX-00-000015 - Firefox development tools must be disabled.UnixDISA STIG Mozilla Firefox MacOS v6r5
FFOX-00-000015 - Firefox development tools must be disabled.WindowsDISA STIG Mozilla Firefox Windows v6r5
FFOX-00-000015 - Firefox development tools must be disabled.UnixDISA STIG Mozilla Firefox Linux v6r5
IIST-SI-000233 - Warning and error messages displayed to clients must be modified to minimize the identity of the IIS 10.0 website, patches, loaded modules, and directory paths.WindowsDISA IIS 10.0 Site v2r9