From VMW vRealize Automation 7.x vAMI Security Technical Implementation Guide
Part of SRG-APP-000266-AS-000168
Associated with: CCI-001312
The structure and content of error messages need to be carefully considered by the organization and development team. Any application providing too much information in error logs and in administrative messages to the screen risks compromising the data and security of the application and system. The extent to which the application server is able to identify and handle error conditions is guided by organizational policy and operational requirements. Adequate logging levels and system performance capabilities need to be balanced with data protection requirements. The structure and content of error messages needs to be carefully considered by the organization and development team. Application servers must have the capability to log at various levels, which can provide log entries for potential security-related error events. An example is the capability for the application server to assign a criticality level to a failed logon attempt error message, a security-related error message being of a higher criticality.
Interview the ISSO and/or the SA and review vRA product documentation. Determine a local procedure exists for monitoring error conditions reported by the vAMI. If a procedure does not exist or is not being followed, this is a finding.
Develop and implement a site procedure to monitor error conditions reported by the vAMI.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer