| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1724 - Error Handling | ||
| Id | d07594d1-0307-4c08-94db-5d71ff31f0f6 | ||
| Version | 1.0.0 Details on versioning |
||
| Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this System and Information Integrity control | ||
| Additional metadata |
Name/Id: ACF1724 / Microsoft Managed Control 1724 Category: System and Information Integrity Title: Error Handling - Generates Errors Ownership: Customer, Microsoft Description: The information system: Generates error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries; and Requirements: As part of the Security Development Lifecycle (SDL) process, service teams ensure that error messages do not contain sensitive information such as username and password combinations, attributes used to validate a password reset request, personally identifiable information excluding unique username identifiers provided as a normal part of a transactional record, biometric data or personal characteristics used to authenticate identity, sensitive financial records such as account numbers or access codes, content related to internal security functions such as private encryption keys, white list or blacklist rules, or object permission attributes and settings. The error messages are generic in nature that provide limited information to assist the user in correcting the error. An example is “the username or password is incorrect” when there is an error logging into the application. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|