Control statement
a. Generate error messages that provide information necessary for corrective actions without revealing information that could be exploited; and
b. Reveal error messages only to {{ insert: param, si-11_odp }}. Parameter placeholders {{ insert: param, … }} reference FedRAMP-set values in the resolved profile. Full parameter map is
preserved in the catalog database.
Covered by these Key Security Indicators
| KSI | Title | Category |
|---|---|---|
| KSI-AFR-05 | Significant Change Notifications Determine how significant changes will be tracked and how all necessary parties will be notified in alignment with the FedRAMP Significant Change Notifications (SCN) process and persistently address all related requirements and recommendations. | Authorization by FedRAMP |
| KSI-CNA-02 | Attack Surface _Persistently_ ensure _machine-based_ _information resources_ have a minimal attack surface and that lateral movement is minimized if compromised. | Cloud Native Architecture |
| KSI-MLA-08 | Log Data Access Use a least-privileged, role and attribute-based, and just-in-time access authorization model for access to log data based on organizationally defined data sensitivity. | Monitoring, Logging, and Auditing |
| KSI-PIY-04 | CISA Secure By Design _Persistently_ review the effectiveness of building security and privacy considerations into the Software Development Lifecycle and aligning with CISA Secure By Design principles. | Policy and Inventory |