STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 5 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to CA IDMS Security Technical Implementation Guide

V-251625

CAT II (Medium)

Custom database code and associated application code must not contain information beyond what is needed for troubleshooting.

Rule ID

SV-251625r961167_rule

STIG

CA IDMS Security Technical Implementation Guide

Version

V2R1

CCIs

CCI-001312

Discussion

Error codes issued by custom code could provide more information than needed for problem resolution and should be vetted to make sure this does not occur.

Check Content

Check custom database code to verify that error messages do not contain information beyond what is needed for troubleshooting the issue.

If database errors contain PII data, sensitive business data, or information useful for identifying the host system or database structure, this is a finding.

Fix Text

Configure custom database code, and associated application code not to divulge sensitive information or information useful for system identification in error messages.