SI-11 Error Handling

System and Information Integrity

Low Moderate High

Description

The information system identifies and handles error conditions in an expeditious manner without providing information that could be exploited by adversaries.

Supplemental Guidance

The structure and content of error messages are carefully considered by the organization. Error messages are revealed only to authorized personnel. Error messages generated by the information system provide timely and useful information without revealing potentially harmful information that could be used by adversaries. Sensitive information (e.g., account numbers, social security numbers, and credit card numbers) is not listed in error logs or associated administrative messages. The extent to which the information system is able to identify and handle error conditions is guided by organizational policy and operational requirements.

Enhancements

(0) None.

Compliance Mappings

ANSSI

Hygiene.29, SecNumCloud.15.3

FINMA Circular 2023/1

IV.A(41), IV.C(66)

OSFI B-13

B-13.3.2

EU GDPR

Art.32(1)(b)

EU DORA

Art.9(4)(e)

RBI CSF

Annex1.6

FISC Security Guidelines

FISC.T8

HKMA TM-E-1

TME1.10.1

EU CRA

CRA.I.2l

SAMA CSF

3.2

NCA ECC

2-14

CBB TM

TM-7

CBUAE

CR-6

CBE CSF

CTO-4

SA JS2

JS2-SA

BoG CISD

CISD-IX, CISD-SDLC

BCBS 239

Principle 3, Principle 7, Principle 9

FFIEC IS

II.C.17

EBA ICT Guidelines

3.5(c)

BOT Cyber Resilience

Ch2.5

CMMC 2.0

SI

PRA SS1/23

P3.2

FCA SYSC 13

SYSC 13.7.1

HITRUST CSF v11

10.b

OWASP MASVS v2.1

MASVS-STORAGE-2, MASVS-PLATFORM-3

ISO 17799 (legacy)

12.2.1, 12.2.2, 12.2.3, 12.2.4

COBIT 4.1 (legacy)

AC5