IDMS must suppress security-related messages so that no information is returned that can be exploited.
An XCCDF Rule
Description
Error messages issued to non-privileged users may have contents that should be considered confidential. IDMS should be configured so that these messages are not issued to those users.
Documentable: false
- ID: SV-251624r807739_rule
- Severity: Medium
Remediation - Manual Procedure
Reassemble, relink, and reload (V NC) RHDCOPTF with #DEFOPTF OPT00051 (for messages sent to user) and optional #DEFOPTF OPT00226 (for messages sent to IDMS log).