DoD STIGs – V-32231

Overview:

Title: In support of information flow requirements, applications must track problems associated with information transfer.

Vulnerability ID: V-32231

STIG ID:

IA Controls: None

Severity: medium

Description: When an application transfers data, there is the chance an error or problem with the data transfer may occur. Applications need to track failures and any problems encountered when performing data transfers so problems can be identified and remediated.

Some potential issues with a failed or problematic data transfer include: leaving sensitive data in a processing queue indefinitely, partial or incomplete data transfers, and corrupted data transfers. Tracking problems with data transfers also serves to create a forensic record that can be retained to assist in investigations regarding the flow of application data.

This requirement is specific to network devices designed to perform information flow control. This requirement is NA for databases.

Check Text: This check is NA for databases.

Fix Text: This fix is NA for databases.


Interpreting V-32231:

As noted, this does not apply directly to SQL Server.

SQL Server does raise various error messages and alerts when there are problems with the transfer of data. Applications have to make sure they are able to handle these situations properly.

Some of the alert severity levels to keep an eye out for are:

Severity level 17: Insufficient resources

Severity level 18: Nonfatal Internal Error Detected

Severity level 19: SQL Server Error in Resource

Severity level 20: SQL Server Fatal Error In Current Process

Severity level 21: SQL Server Fatal Error in Database (DBID) Processes

Severity level 22: SQL Server Fatal Error Table Integrity Suspect

Severity level 23: SQL Server Fatal Error: Database Integrity Suspect

Severity level 24: Hardware Error

If any of these severity alerts arises on your SQL Server, the DBA should be informed immediately so it can be resolved before anything gets out of control.
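One way to have the DBA informed automatically is to define a SQL Server Agent alert for each of the severity levels listed above. The script below is an added example, not part of the STIG or the original post; the operator name `DBA_Team` and its e-mail address are placeholders, and it assumes Database Mail and the Agent mail profile are already configured.

```sql
-- Added example: SQL Server Agent alerts for severity levels 17-24.
-- Assumptions: operator name and e-mail address are placeholders;
-- Database Mail and the SQL Server Agent mail profile are already set up.
USE msdb;
GO

DECLARE @operator sysname = N'DBA_Team';            -- hypothetical operator name

IF NOT EXISTS (SELECT 1 FROM dbo.sysoperators WHERE name = @operator)
    EXEC dbo.sp_add_operator
         @name          = @operator,
         @enabled       = 1,
         @email_address = N'dba-team@example.com';  -- placeholder address

DECLARE @severity int = 17, @alert sysname;

WHILE @severity <= 24
BEGIN
    SET @alert = N'Severity ' + CAST(@severity AS nvarchar(2)) + N' error';

    -- Skip severities that already have a severity-based alert, so the
    -- script can be re-run and does not collide with existing definitions.
    IF NOT EXISTS (SELECT 1 FROM dbo.sysalerts
                   WHERE severity = @severity AND message_id = 0)
    BEGIN
        EXEC dbo.sp_add_alert
             @name                         = @alert,
             @message_id                   = 0,     -- 0 = match on severity, not a message number
             @severity                     = @severity,
             @enabled                      = 1,
             @delay_between_responses      = 60,    -- seconds; throttles repeat notifications
             @include_event_description_in = 1;     -- 1 = include the error text in the e-mail

        EXEC dbo.sp_add_notification
             @alert_name          = @alert,
             @operator_name       = @operator,
             @notification_method = 1;              -- 1 = e-mail
    END

    SET @severity += 1;
END
GO

-- Verify: list the severity 17-24 alerts and who is notified for each.
SELECT a.name, a.severity, a.enabled, o.name AS operator_name
FROM dbo.sysalerts AS a
LEFT JOIN dbo.sysnotifications AS n ON n.alert_id = a.id
LEFT JOIN dbo.sysoperators     AS o ON o.id = n.operator_id
WHERE a.severity BETWEEN 17 AND 24
ORDER BY a.severity;
```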
