DoD STIGs – V-32569

Overview:

Title: The DBMS must identify potentially security-relevant error conditions.

Vulnerability ID: V-32569

STIG ID:

IA Controls: None

Severity: medium

Description: The structure and content of error messages need to be carefully considered by the organization and development team. The extent to which the application is able to identify and handle error conditions is guided by organizational policy and operational requirements.

Database logs can be monitored for specific security related errors. Any error that can have a negative effect on database security should be quickly identified and forwarded to the appropriate personnel. If security-relevant error conditions are not identified by the DBMS they may be overlooked by the personnel responsible for addressing them.

Check Text: Check DBMS settings to determine whether security related error conditions are monitored and whether appropriate personnel are notified. If security related error conditions are not being monitored for, this is a finding.

If appropriate personnel are not alerted when a security related error condition is found, this is a finding.

Fix Text: Configure DBMS to monitor for security related error conditions.

Configure DBMS to alert appropriate personnel when security related error conditions are found.

[divider]

Interpreting V-32569:

Coming Soon!

Return to the DoD STIGs – Database Security Requirements Guide

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.