v8 Error handling and logging verification requirements
- 8.1 Information leakage
- 8.2 Error handling is performed on trusted devices
- 8.3 Logging controls are implemented on the server
- 8.4 Error handling logic denies access by default
- 8.5 Security relevant success and failure events are loggable by controls
- 8.6 Log events are complete
- 8.7 Events that include untrusted data will not be executed
- 8.8 Security logs are protected
- 8.9 Single application-level logging implementation
- 8.10 Application log does not include sensitive data
- 8.11 A sufficiently advanced log analysis tool is available
- 8.12 Logs are stored differently and rotated