Rule ID
SV-279451r1192368_rule
Version
V1R1
CCIs
If the application provides too much information in error logs and administrative messages to the screen, this could lead to compromise. The structure and content of error messages need to be carefully considered by the organization and development team. The extent to which the information system is able to identify and handle error conditions is guided by organizational policy and operational requirements. Application servers must protect the error messages that are created by the application server. All application server users' accounts are used for the management of the server and the applications residing on the application server. All accounts are assigned to a certain role with corresponding access rights. The application server must restrict access to error messages so only authorized users may view them. Error messages are usually written to logs contained on the file system. The application server will usually create new log files as needed and must take steps to ensure the proper file permissions are used when the log files are created.
Nutanix VM application server supports user and group role mapping. Verify that all users or groups match that of the documented mapping policies defined by the information system security officer (ISSO). 1. Log in to Prism Element. 2. Click the gear icon in the upper-right corner. 3. Navigate to "Role mapping". For each user or group listed, verify the role granted is in accordance with access control policies. If not, this is a finding.
Configure the user and group mappings to be compliant with the documented mapping policies defined by the ISSO. 1. Log in to Prism Element. 2. Click the gear icon in the upper-right corner. 3. Navigate to "Role mapping". 4. Add users and groups to role mappings per policy.