STIGQter: STIG Summary: Database Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 22 Jan 2021:

The DBMS must reveal detailed error messages only to the ISSO, ISSM, SA and DBA.

DISA Rule

SV-206579r617447_rule

Vulnerability Number

V-206579

Group Title

SRG-APP-000267

Rule Version

SRG-APP-000267-DB-000163

Severity

CAT II

CCI(s)

• CCI-001314 - The information system reveals error messages only to organization-defined personnel or roles.

Weight

10

Fix Recommendation

Configure DBMS settings, custom database code, and associated application code not to display detailed error messages to those not authorized to view them.

Check Contents

Check DBMS settings and custom database code to determine if detailed error messages are ever displayed to unauthorized individuals.

If detailed error messages are displayed to individuals not authorized to view them, this is a finding.

Vulnerability Number

V-206579

Documentable

False

Rule Version

SRG-APP-000267-DB-000163

Severity Override Guidance

Check DBMS settings and custom database code to determine if detailed error messages are ever displayed to unauthorized individuals.

If detailed error messages are displayed to individuals not authorized to view them, this is a finding.

Check Content Reference

M

Target Key

2902

Comments