
VM-16 Non-disclosure of Error Detail

Control Description

Information systems are designed to ensure error messages generated provide adequate information for taking corrective action without revealing sensitive information.

Theme: Technology

Type: Preventive

Policy/Standard: Secure Development Lifecycle Policy

Implementation Guidance

1. Ensure that a process is defined to design information systems so that the error messages they generate provide adequate information for taking corrective action without revealing sensitive information.

Testing Procedure

1. Inspect the type of error messages configured in a sample of applications.
2. Ensure no sensitive data or user information is provided via error messages. Additionally, ensure appropriate corrective actions are highlighted in the error message.

Audit Artifacts

E-VM-15
E-VM-16

Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
