SI-11 Error Handling

System and Information Integrity

Low Moderate High

Description

The information system identifies and handles error conditions in an expeditious manner without providing information that could be exploited by adversaries.

Supplemental Guidance

The structure and content of error messages are carefully considered by the organization. Error messages are revealed only to authorized personnel. Error messages generated by the information system provide timely and useful information without revealing potentially harmful information that could be used by adversaries. Sensitive information (e.g., account numbers, social security numbers, and credit card numbers) is not listed in error logs or associated administrative messages. The extent to which the information system is able to identify and handle error conditions is guided by organizational policy and operational requirements.
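
One way an application can meet this guidance, as an added example that is not part of the control text: the caller receives only a generic message with an incident reference, while the detailed record goes to a separate log whose filter masks social security numbers and Luhn-valid card numbers. The logger name `si11.admin`, the patterns, the message wording, and the sample error in the test are all constructed for illustration.

```python
import logging
import re
import uuid

# Assumed formats: US SSN as NNN-NN-NNNN, card numbers as 13-19 digits
# optionally separated by spaces or hyphens.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits):
    """Luhn checksum, so only plausible card numbers are masked."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def redact(text):
    """Mask SSNs and Luhn-valid card numbers before text reaches a log."""
    def mask_card(m):
        digits = re.sub(r"\D", "", m.group())
        return "[REDACTED-CARD]" if luhn_ok(digits) else m.group()
    return CARD_RE.sub(mask_card, SSN_RE.sub("[REDACTED-SSN]", text))

class RedactingFilter(logging.Filter):
    """Rewrites each record so sensitive values never reach the handler."""
    def filter(self, record):
        record.msg = redact(record.getMessage())
        record.args = ()
        return True

def make_admin_logger(stream):
    """Detailed log; its destination should be readable by authorized staff only."""
    logger = logging.getLogger("si11.admin")
    logger.handlers.clear()
    logger.propagate = False  # keep details out of shared or console logs
    handler = logging.StreamHandler(stream)
    handler.addFilter(RedactingFilter())
    logger.addHandler(handler)
    logger.setLevel(logging.ERROR)
    return logger

def handle_error(exc, logger):
    """Log full detail under an incident ID; return only a generic message."""
    incident = uuid.uuid4().hex[:12]
    logger.error("incident=%s type=%s detail=%s", incident, type(exc).__name__, exc)
    return f"An internal error occurred. Reference: {incident}"
```

Account numbers have no universal format, so masking them requires an organization-specific pattern added to `redact`.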

Enhancements

(0) None.

Compliance Mappings

ISO 17799 (legacy)

12.2.1, 12.2.2, 12.2.3, 12.2.4

COBIT 4.1 (legacy)

AC5