18.2: Ensure That Explicit Error Checking is Performed for All In-House Developed Software

CSF v1.1 References:

PR.DS-6

PF v1.0 References:

PR.DS-P6

Threats Addressed:

Tampering
Information Disclosure
Elevation of Privilege

Group:

The next version of the control set incorporates all or part of this control into: 16.10: Apply Secure Design Principles in Application Architectures.

Control Statement

For in-house developed software, ensure that explicit error checking is performed and documented for all input, including for size, data type, and acceptable ranges or formats.

[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]

Control Statement

Related Controls

NIST Special Publication 800-53 Revision 5

NIST Special Publication 800-53 Revision 4