STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

The application must not be subject to error handling vulnerabilities.

DISA Rule

SV-222656r508029_rule

Vulnerability Number

V-222656

Group Title

SRG-APP-000516

Rule Version

APSC-DV-003235

Severity

CAT II

CCI(s)

CCI-000366 - The organization implements the security configuration settings.
CCI-003272 - The organization requires the developer of the information system, system component, or information system service to reduce attack surfaces to organization-defined thresholds.

Weight

Fix Recommendation

Ensure proper return code and exception handling is implemented throughout the application.

Check Contents

Review the application documentation, code review reports and the results from static code analysis tools.

Identify the most recent security scans and code analysis testing conducted. Verify testing configuration includes tests for error handling issues.

Check test results for identified error handling vulnerabilities within the application.

If the test results indicate the existence of error handling vulnerabilities and no remediation evidence is presented, this is a finding.

If no test results are available for review, this is a finding.

The application must not be subject to error handling vulnerabilities.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments