SI-11 ERROR HANDLING

Page last updated:

PCF Compliance

PCF is compliant with this requirement.

Errors returned from PCF APIs and UIs contain enough information to determine the nature of the problem, but do not disclose inappropriate information such as passwords. System logs that stream to a syslog endpoint are similarly designed to not avoid disclosing sensitive information to an unauthorized listener.

Application code is the deployer’s responsibility. Authorization to see application logs may be controlled by the Cloud Controller RBAC restrictions, which are scoped by Org and Space abstractions.

The deployer may use a nozzle to direct log streams from the Firehose to secure drains. The deployer may also use authorization controls present in their third-party log management system to control access to archival logs.

The BOSH Director, Ops Manager, and other PCF system components also stream component logs via syslog. Deployers may restrict these logs to specific personnel based on their source.


Control Description

The information system:

  1. Generates error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries; and
  2. Reveals error messages only to [Assignment: organization-defined personnel or roles].

Supplemental Guidance

Organizations carefully consider the structure/content of error messages. The extent to which information systems are able to identify and handle error conditions is guided by organizational policy and operational requirements. Information that could be exploited by adversaries includes, for example, erroneous logon attempts with passwords entered by mistake as the username, mission/business information that can be derived from (if not stated explicitly by) information recorded, and personal information such as account numbers, social security numbers, and credit card numbers. In addition, error messages may provide a covert channel for transmitting information.