SI-11-727 Error Handling

System and Information Integrity
Detect
Security Monitoring and Event Analysis
MOD, HIGH
P2
No
System failure is not detected in a timely fashion due to inadequate fault logging and monitoring capabilities.
The information system: a. Generates error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries; and b. Reveals error messages only to [Assignment: organization-defined personnel or roles].
System failure notifications are automatically provided to employee personnel as needed.
No statewide control
Obtain system and information integrity policy; procedures addressing information system error handling; information system design documentation; information system configuration settings and associated documentation; other relevant documents or records and ascertain if: (i) the information system identifies and handles error conditions in an expeditious manner without providing information that could be exploited by adversaries; (ii) the information system reveals error messages only to authorized individuals; (iii) the information system does not include sensitive information in error logs or associated administrative messages.