Capacity
CCI-001312
Generates error messages that provide information necessary for corrective actions without revealing information that could be exploited.
1
Rule
Severity: Low
Disable Firefox Development Tools
27
Rule
Severity: Medium
Ensure rsyslog is Installed
28
Rule
Severity: Medium
Enable rsyslog Service
29
Rule
Severity: Medium
Ensure syslog-ng is Installed
29
Rule
Severity: Medium
Enable syslog-ng Service
4
Rule
Severity: Medium
Verify permissions of log files
1
Rule
Severity: Medium
The A10 Networks ADC, when used to load balance web applications, must strip HTTP response headers.
1
Rule
Severity: Medium
The A10 Networks ADC, when used to load balance web applications, must replace response codes.
8
Rule
Severity: Medium
Warning and error messages displayed to clients must be modified to minimize the identity of the Apache web server, patches, loaded modules, and directory paths.
8
Rule
Severity: Medium
Debugging and trace information used to diagnose the Apache web server must be disabled.
4
Rule
Severity: Medium
The Apache web server must display a default hosted application web page, not a directory listing, when a requested web page cannot be found.
2
Rule
Severity: Medium
The ALG must generate error messages that provide the information necessary for corrective actions without revealing information that could be exploited by adversaries.
2
Rule
Severity: Medium
The application server must identify potentially security-relevant error conditions.
2
Rule
Severity: Medium
The application server must only generate error messages that provide information necessary for corrective actions without revealing sensitive or potentially harmful information in error logs and administrative messages.
2
Rule
Severity: Medium
The application must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
1
Rule
Severity: Medium
The CA API Gateway must generate error messages that provide the information necessary for corrective actions without revealing information that could be exploited by adversaries.
2
Rule
Severity: Medium
IDMS must suppress security-related messages so that no information is returned that can be exploited.
2
Rule
Severity: Medium
Custom database code and associated application code must not contain information beyond what is needed for troubleshooting.
4
Rule
Severity: Medium
The DBMS must provide non-privileged users with error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
2
Rule
Severity: Medium
Forescout must reveal error messages only to the Information System Security Officer (ISSO), Information System Security Manager (ISSM), and System Administrator (SA). This is required for compliance with C2C Step 1.
1
Rule
Severity: Medium
The DataPower Gateway must have ICMP responses disabled on all interfaces facing untrusted networks.
1
Rule
Severity: Medium
The MQ Appliance messaging server must identify potentially security-relevant error conditions.
2
Rule
Severity: Medium
The WebSphere Liberty Server must log remote session and security activity.
1
Rule
Severity: Medium
DB2 must provide non-privileged users with error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
1
Rule
Severity: Medium
The WebSphere Application Server security auditing must be enabled.
2
Rule
Severity: Medium
The IDPS must block outbound ICMP Destination Unreachable, Redirect, and Address Mask reply messages.
2
Rule
Severity: Medium
The IDPS must block malicious ICMP packets by properly configuring ICMP signatures and rules.
2
Rule
Severity: Medium
The Juniper SRX Services Gateway Firewall must configure ICMP to meet DoD requirements.
2
Rule
Severity: Medium
The Mainframe Product must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
1
Rule
Severity: Low
Firefox development tools must be disabled.
1
Rule
Severity: Medium
The DBMS and associated applications must provide non-privileged users with error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
1
Rule
Severity: Medium
The DNS Name Server software must be configured to refuse queries for its version information.
1
Rule
Severity: Medium
The HINFO, RP, TXT and LOC RR types must not be used in the zone SOA.
1
Rule
Severity: Medium
Nutanix AOS must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
1
Rule
Severity: Low
OHS must display a default hosted application web page, not a directory listing, when a requested web page cannot be found.
1
Rule
Severity: Medium
OHS must have the ServerSignature directive disabled.
1
Rule
Severity: Low
OHS must have the ServerTokens directive set to limit the response header.
1
Rule
Severity: Medium
OHS must have the Alias /error directive defined to reference the directory accompanying the ErrorDocument directives to minimize the identity of OHS, patches, loaded modules, and directory paths in warning and error messages displayed to clients.
1
Rule
Severity: Medium
OHS must have the permissions set properly via the Directory directive accompanying the ErrorDocument directives to minimize improper access to the warning and error messages displayed to clients.
1
Rule
Severity: Low
OHS must have defined error pages for common error codes that minimize the identity of the web server, patches, loaded modules, and directory paths.
1
Rule
Severity: Low
OHS must have production information removed from error documents to minimize the identity of OHS, patches, loaded modules, and directory paths in warning and error messages displayed to clients.
1
Rule
Severity: Medium
Debugging and trace information used to diagnose OHS must be disabled.
2
Rule
Severity: Medium
Prisma Cloud Compute must not write sensitive data to event logs.
1
Rule
Severity: Low
Oracle WebLogic must identify potentially security-relevant error conditions.
1
Rule
Severity: Medium
Oracle WebLogic must only generate error messages that provide information necessary for corrective actions without revealing sensitive or potentially harmful information in error logs and administrative messages.
2
Rule
Severity: Medium
The SDN controller must be configured to generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
1
Rule
Severity: Medium
Symantec ProxySG must tailor the Exceptions messages to generate error messages that provide the information necessary for corrective actions without revealing information that could be exploited by adversaries.
2
Rule
Severity: Medium
The Tanium application must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
2
Rule
Severity: Medium
The TPS must block outbound ICMP Destination Unreachable, Redirect, and Address Mask reply messages.
2
Rule
Severity: Medium
The TPS must block malicious ICMP packets by properly configuring ICMP signatures and rules.
2
Rule
Severity: Medium
The UEM server must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
2
Rule
Severity: Medium
ErrorReportValve showServerInfo must be set to false.
3
Rule
Severity: Medium
The macOS system must disable sending diagnostic and usage data to Apple.
2
Rule
Severity: Medium
The macOS system must configure Apple System Log files to be owned by root and group to wheel.
2
Rule
Severity: Medium
The macOS system must configure Apple System Log files to mode 640 or less permissive.
2
Rule
Severity: Medium
The macOS system must configure system log files to be owned by root and group to wheel.
3
Rule
Severity: Medium
The macOS system must configure system log files to mode 640 or less permissive.
3
Rule
Severity: Medium
The Ubuntu operating system must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
3
Rule
Severity: Medium
PostgreSQL must provide non-privileged users with error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
2
Rule
Severity: Medium
The container platform must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
2
Rule
Severity: Medium
The EDB Postgres Advanced Server must provide nonprivileged users with error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
2
Rule
Severity: Low
Chrome development tools must be disabled.
2
Rule
Severity: Medium
The operating system must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
2
Rule
Severity: Medium
SSMC must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
2
Rule
Severity: Medium
MarkLogic Server must provide non-privileged users with error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
2
Rule
Severity: Medium
MongoDB must provide non-privileged users with error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
1
Rule
Severity: Low
Internet Explorer Development Tools Must Be Disabled.
2
Rule
Severity: Medium
Warning and error messages displayed to clients must be modified to minimize the identity of the IIS 10.0 website, patches, loaded modules, and directory paths.
2
Rule
Severity: Medium
Debugging and trace information used to diagnose the IIS 10.0 website must be disabled.
2
Rule
Severity: Medium
The IIS 10.0 web server Indexing must only index web content.
2
Rule
Severity: Medium
Warning and error messages displayed to clients must be modified to minimize the identity of the IIS 10.0 web server, patches, loaded modules, and directory paths.
2
Rule
Severity: Low
HTTPAPI Server version must be removed from the HTTP Response Header information.
2
Rule
Severity: Low
ASP.NET version must be removed from the HTTP Response Header information.
2
Rule
Severity: Medium
SQL Server must provide non-privileged users with error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
2
Rule
Severity: Medium
Windows Telemetry must not be configured to Full.
2
Rule
Severity: High
Windows Server 2022 administrative accounts must not be used with applications that access the internet, such as web browsers, or with potential internet sources, such as email.
3
Rule
Severity: Medium
The DBMS must only generate error messages that provide information necessary for corrective actions without revealing organization-defined sensitive or potentially harmful information in error logs and administrative messages that could be exploited.
2
Rule
Severity: Medium
The Palo Alto Networks security platform must block outbound ICMP Destination Unreachable, Redirect, and Address Mask reply messages.
2
Rule
Severity: Medium
The Palo Alto Networks security platform must block malicious ICMP packets.
2
Rule
Severity: Medium
The Automation Controller NGINX web server must display a default hosted application web page, not a directory listing, when a requested web page cannot be found.
2
Rule
Severity: Medium
Debugging and trace information, within Automation Controller NGINX web server, used to diagnose the web server must be disabled.
2
Rule
Severity: Medium
The SUSE operating system must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
2
Rule
Severity: Medium
The VMM must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
1
Rule
Severity: Medium
VAMI must disable directory browsing.
1
Rule
Severity: Medium
VAMI must not be configured to use "mod_status".
1
Rule
Severity: Medium
VAMI must have debug logging disabled.
1
Rule
Severity: Medium
VAMI must be configured to hide the server type and version in client responses.
1
Rule
Severity: Medium
Performance Charts must set the welcome-file node to a default web page.
1
Rule
Severity: Medium
Performance Charts must not show directory listings.
1
Rule
Severity: Medium
Performance Charts must be configured to show error pages with minimal information.
1
Rule
Severity: Medium
Performance Charts must be configured to not show error reports.
1
Rule
Severity: Medium
Performance Charts must hide the server version.
1
Rule
Severity: Medium
Performance Charts must not enable support for TRACE requests.
1
Rule
Severity: Medium
Performance Charts must have the debug option turned off.
1
Rule
Severity: Medium
ESX Agent Manager must set the welcome-file node to a default web page.
1
Rule
Severity: Medium
ESX Agent Manager must not show directory listings.
1
Rule
Severity: Medium
ESX Agent Manager must be configured to show error pages with minimal information.
1
Rule
Severity: Medium
ESX Agent Manager must be configured to not show error reports.
1
Rule
Severity: Medium
ESX Agent Manager must hide the server version.
1
Rule
Severity: Medium
ESX Agent Manager must not enable support for TRACE requests.
1
Rule
Severity: Medium
ESX Agent Manager must have the debug option disabled.
1
Rule
Severity: Medium
Lookup Service must set the welcome-file node to a default web page.
1
Rule
Severity: Medium
The Lookup Service must not show directory listings.
1
Rule
Severity: Medium
Lookup Service must be configured to hide the server version.
1
Rule
Severity: Medium
Lookup Service must be configured to show error pages with minimal information.
1
Rule
Severity: Medium
Lookup Service must not enable support for TRACE requests.
1
Rule
Severity: Medium
Lookup Service must have the debug option turned off.
1
Rule
Severity: Medium
VMware Postgres must provide nonprivileged users with minimal error information.
1
Rule
Severity: Medium
The Security Token Service must set the welcome-file node to a default web page.
1
Rule
Severity: Medium
The Security Token Service must not show directory listings.
1
Rule
Severity: Medium
The Security Token Service must be configured to not show error reports.
1
Rule
Severity: Medium
The Security Token Service must not enable support for TRACE requests.
1
Rule
Severity: Medium
The Security Token Service must have the debug option disabled.
3
Rule
Severity: Medium
The vCenter ESX Agent Manager service "ErrorReportValve showServerInfo" must be set to "false".
3
Rule
Severity: Medium
The vCenter Lookup service "ErrorReportValve showServerInfo" must be set to "false".
1
Rule
Severity: Medium
vSphere UI must set the welcome-file node to a default web page.
1
Rule
Severity: Medium
The vSphere UI must not show directory listings.
1
Rule
Severity: Medium
vSphere UI must be configured to hide the server version.
1
Rule
Severity: Medium
vSphere UI must be configured to show error pages with minimal information.
1
Rule
Severity: Medium
vSphere UI must not enable support for TRACE requests.
1
Rule
Severity: Medium
vSphere UI must have the debug option turned off.
3
Rule
Severity: Medium
The vCenter Perfcharts service "ErrorReportValve showServerInfo" must be set to "false".
3
Rule
Severity: Medium
The Photon operating system /var/log directory must be restricted.
3
Rule
Severity: Medium
The vCenter PostgreSQL service must provide nonprivileged users with minimal error information.
3
Rule
Severity: Medium
The vCenter STS service "ErrorReportValve showServerInfo" must be set to "false".
3
Rule
Severity: Medium
The vCenter UI service "ErrorReportValve showServerInfo" must be set to "false".
3
Rule
Severity: Medium
The vCenter VAMI service must disable directory listing.
3
Rule
Severity: Medium
The vCenter VAMI service must not be configured to use the "mod_status" module.
3
Rule
Severity: Medium
The vCenter VAMI service must have debug logging disabled.
2
Rule
Severity: Medium
The web server must display a default hosted application web page, not a directory listing, when a requested web page cannot be found.
2
Rule
Severity: Medium
Warning and error messages displayed to clients must be modified to minimize the identity of the web server, patches, loaded modules, and directory paths.
2
Rule
Severity: Medium
Debugging and trace information used to diagnose the web server must be disabled.
1
Rule
Severity: Medium
The EDB Postgres Advanced Server must provide non-privileged users with error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
1
Rule
Severity: Medium
The macOS system must configure Apple System Log (ASL) files owned by root and group to wheel.
1
Rule
Severity: Medium
The macOS system must configure Apple System Log (ASL) files to mode 640 or less permissive.
1
Rule
Severity: Medium
The macOS system must configure system log files owned by root and group to wheel.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must generate system journal entries without revealing information that could be exploited by adversaries.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must be configured so that the "journalctl" command is not accessible by unauthorized users.
1
Rule
Severity: Medium
PostgreSQL must provide nonprivileged users with error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
1
Rule
Severity: Medium
The Enterprise Voice, Video, and Messaging Session Manager must be configured to generate session (call) records that provide information necessary for corrective actions without revealing personally identifiable information or sensitive information.
1
Rule
Severity: Medium
MongoDB must provide nonprivileged users with error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
1
Rule
Severity: Medium
SLEM 5 must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
Patternfly
PatternFly elements
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Modules