Title: In support of information flow requirements, applications must track problems associated with information transfer.
Vulnerability ID: V-32231
IA Controls: None
Description: When an application transfers data, there is the chance an error or problem with the data transfer may occur. Applications need to track failures and any problems encountered when performing data transfers so problems can be identified and remediated.
Some potential issues with a failed or problematic data transfer include: leaving sensitive data in a processing queue indefinitely, partial or incomplete data transfers, and corrupted data transfers. Tracking problems with data transfers also serves to create a forensic record that can be retained to assist in investigations regarding the flow of application data.
This requirement is specific to network devices designed to perform information flow control. This requirement is NA for databases.
Check Text: This check is NA for databases.
Fix Text: This fix is NA for databases.[divider]
As noted, this does not apply directly to SQL Server.
SQL Server does provide various error messages and alerts when problems with the transfer of data exist. Applications have to make sure they are able to handle these sitations properly.
Some of the alert severity levels to keep an eye out for are:
Severity level 17: Insufficient resources
Severity level 18: Nonfatal Internal Error Detected
Severity level 19: SQL Server Error in Resource
Severity level 20: SQL Server Fatal Error In Current Process
Severity level 21: SQL Server Fatal Error in Database (DBID) Processes
Severity level 22: SQL Server Fatal Error Table Integrity Suspect
Severity level 23: SQL Server Fatal Error: Database Integrity Suspect
Severity level 24: Hardware Error
Any of these severity alerts arising on your SQL Server should immediately inform the DBA to be resolved accordingly before anything gets too out of control.