STIGQter: STIG Summary: Database Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 22 Jan 2021:

When invalid inputs are received, the DBMS must behave in a predictable and documented manner that reflects organizational and system objectives.

DISA Rule

SV-206609r617447_rule

Vulnerability Number

V-206609

Group Title

SRG-APP-000447

Rule Version

SRG-APP-000447-DB-000393

Severity

CAT II

CCI(s)

• CCI-002754 - The information system behaves in a predictable and documented manner that reflects organizational and system objectives when invalid inputs are received.

Weight

10

Fix Recommendation

Revise and deploy the source code for database program objects (stored procedures, functions, triggers) and application source code, to implement the documented behavior.

Check Contents

Review system documentation to determine how input errors are to be handled in general and if any special handling is defined for specific circumstances.

Review the source code for database program objects (stored procedures, functions, triggers) and application source code to identify how the system responds to invalid input.

If it does not implement the documented behavior, this is a finding.

Vulnerability Number

V-206609

Documentable

False

Rule Version

SRG-APP-000447-DB-000393

Severity Override Guidance

Review system documentation to determine how input errors are to be handled in general and if any special handling is defined for specific circumstances.

Review the source code for database program objects (stored procedures, functions, triggers) and application source code to identify how the system responds to invalid input.

If it does not implement the documented behavior, this is a finding.

Check Content Reference

M

Target Key

2902

Comments