The application must be configured to reveal error messages only to authorized individuals (ISSO, ISSM, and SA).

Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state. Additionally, sensitive account information must not be revealed through error messages to unauthorized personnel or their designated representatives.