IDMS must check for invalid data and behave in a predictable manner when encountered.
An XCCDF Rule
Description
<VulnDiscussion>A common vulnerability is unplanned behavior when invalid inputs are received. This requirement guards against adverse or unintended system behavior caused by invalid inputs, where information system responses to the invalid input may be disruptive or cause the system to fail into an unsafe state. The behavior will be derived from the organizational and system requirements and includes, but is not limited to, notification of the appropriate personnel, creating an audit record, and rejecting invalid input.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-251649r961656_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Revise and deploy source code changes for checks, procedures, and edits to implement the documented behavior.
For SQL-defined tables, ALTER TABLE <schema-name>.<table-name> ADD CHECK (search-condition).
For network-defined records, MODIFY <record-name> CALL procedure BEFORE STORE/MODIFY. Create or update procedure to validate provided record field values.