last sync: 2023-Jan-27 18:40:07 UTC

Azure Policy definition

Generate error messages

Name Generate error messages
Azure Portal
Id c2cb4658-44dc-9d11-3dad-7c6802dd5ba3
Version 1.1.0
details on versioning
Category Regulatory Compliance
Microsoft docs
Description CMA_C1724 - Generate error messages
Mode All
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default
Manual
Allowed
Manual, Disabled
RBAC
Role(s)
none
Rule
Aliases
Rule
ResourceTypes
IF (1)
Microsoft.Resources/subscriptions
Compliance The following 7 compliance controls are associated with this Policy definition 'Generate error messages' (c2cb4658-44dc-9d11-3dad-7c6802dd5ba3)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 SI-11 FedRAMP_High_R4_SI-11 FedRAMP High SI-11 System And Information Integrity Error Handling Shared n/a The information system: a. Generates error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries; and b. Reveals error messages only to [Assignment: organization-defined personnel or roles]. Supplemental Guidance: Organizations carefully consider the structure/content of error messages. The extent to which information systems are able to identify and handle error conditions is guided by organizational policy and operational requirements. Information that could be exploited by adversaries includes, for example, erroneous logon attempts with passwords entered by mistake as the username, mission/business information that can be derived from (if not stated explicitly by) information recorded, and personal information such as account numbers, social security numbers, and credit card numbers. In addition, error messages may provide a covert channel for transmitting information. Related controls: AU-2, AU-3, SC-31. Control Enhancements: None. References: None. link 2
FedRAMP_Moderate_R4 SI-11 FedRAMP_Moderate_R4_SI-11 FedRAMP Moderate SI-11 System And Information Integrity Error Handling Shared n/a The information system: a. Generates error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries; and b. Reveals error messages only to [Assignment: organization-defined personnel or roles]. Supplemental Guidance: Organizations carefully consider the structure/content of error messages. The extent to which information systems are able to identify and handle error conditions is guided by organizational policy and operational requirements. Information that could be exploited by adversaries includes, for example, erroneous logon attempts with passwords entered by mistake as the username, mission/business information that can be derived from (if not stated explicitly by) information recorded, and personal information such as account numbers, social security numbers, and credit card numbers. In addition, error messages may provide a covert channel for transmitting information. Related controls: AU-2, AU-3, SC-31. Control Enhancements: None. References: None. link 2
hipaa 1006.01d2System.1-01.d hipaa-1006.01d2System.1-01.d 1006.01d2System.1-01.d 10 Password Management 1006.01d2System.1-01.d 01.02 Authorized Access to Information Systems Shared n/a Passwords are not included in automated log-on processes. 5
ISO27001-2013 A.9.4.2 ISO27001-2013_A.9.4.2 ISO 27001:2013 A.9.4.2 Access Control Secure log-on procedures Shared n/a Where required by the access control policy, access to systems and applications shall be controlled by a secure log-on procedure. link 17
NIST_SP_800-53_R4 SI-11 NIST_SP_800-53_R4_SI-11 NIST SP 800-53 Rev. 4 SI-11 System And Information Integrity Error Handling Shared n/a The information system: a. Generates error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries; and b. Reveals error messages only to [Assignment: organization-defined personnel or roles]. Supplemental Guidance: Organizations carefully consider the structure/content of error messages. The extent to which information systems are able to identify and handle error conditions is guided by organizational policy and operational requirements. Information that could be exploited by adversaries includes, for example, erroneous logon attempts with passwords entered by mistake as the username, mission/business information that can be derived from (if not stated explicitly by) information recorded, and personal information such as account numbers, social security numbers, and credit card numbers. In addition, error messages may provide a covert channel for transmitting information. Related controls: AU-2, AU-3, SC-31. Control Enhancements: None. References: None. link 2
NIST_SP_800-53_R5 SI-11 NIST_SP_800-53_R5_SI-11 NIST SP 800-53 Rev. 5 SI-11 System and Information Integrity Error Handling Shared n/a a. Generate error messages that provide information necessary for corrective actions without revealing information that could be exploited; and b. Reveal error messages only to [Assignment: organization-defined personnel or roles]. link 2
SOC_2 PI1.3 SOC_2_PI1.3 SOC 2 Type 2 PI1.3 Additional Criteria For Processing Integrity System processing Shared The customer is responsible for implementing this recommendation. • Defines Processing Specifications — The processing specifications that are necessary to meet product or service requirements are defined. • Defines Processing Activities — Processing activities are defined to result in products or services that meet specifications. • Detects and Corrects Production Errors — Errors in the production process are detected and corrected in a timely manner. • Records System Processing Activities — System processing activities are recorded completely and accurately in a timely manner. • Processes Inputs — Inputs are processed completely, accurately, and timely as authorized in accordance with defined processing activities 5
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-13 16:35:29 add c2cb4658-44dc-9d11-3dad-7c6802dd5ba3
Initiatives
usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693 Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
ISO 27001:2013 89c6cddc-1c73-4ac1-b19c-54d1a15a42f2 Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
SOC 2 Type 2 4054785f-702b-4a98-9215-009cbd58b141 Regulatory Compliance GA BuiltIn
JSON
changes

JSON