SI-10-727 Information Input Validation

SI-10-727
Information Input Validation
System and Information Integrity
MOD, HIGH
P1
No
Data input into applications causes unexpected or incorrect results, possibly crashing the application or placing it in an unknown and unplanned-for state.
The information system checks the validity of [Assignment: organization-defined information inputs].
An automated mechanism may allow for information system checks on the validity of information.
No statewide control
Obtain system and information integrity policy; procedures addressing information accuracy, completeness, validity, and authenticity; access control policy and procedures; separation of duties policy and procedures; documentation for automated tools and applications to verify accuracy, completeness, validity, and authenticity of information; information system design documentation; information system configuration settings and associated documentation; other relevant documents or records and ascertain if:
(I) the information system checks information for accuracy, completeness, validity, and authenticity by verifying that the system:
- performs checks for accuracy, completeness, validity, and authenticity of information as close to the point of origin as possible.
- employs rules to check the valid syntax of information inputs to verify that inputs match specified definitions for format and content.
- prescreens information inputs passed to interpreters to prevent the content from being unintentionally interpreted as commands.
- checks the accuracy, completeness, validity, and authenticity of information to the extent guided by organizational policy and operational requirements.