Ensuring applications only reveal error messages to authorized personnel

Network Device Management Rules : Ensuring applications only reveal error messages to authorized personnel

Rule Title: The application must reveal error messages only to authorized individuals (ISSO, ISSM, and SA).

STIG ID: RICX-DM-000145

Rule ID: SV-77485r1_rule Severity: CAT II

Vuln ID: V-62995 Class: Unclass

Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state. Additionally, sensitive account information must not be revealed through error messages to unauthorized personnel or their designated representatives.

Verifying the system restricts error messages

Verify that RiOS is configured to reveal error messages only to authorized individuals (ISSO, ISSM, and SA).

For detailed information, see Verifying the system is protecting audit information.

Configuring the system restricts error messages

Verify that RiOS is configured to reveal error messages only to authorized individuals (ISSO, ISSM, and SA).

For detailed information, see Configuring the system to protect audit information.