HECVAT Full v3.0.6
Application/Service Security
APPL-03

Question APPL-03

Does the system provide data input validation and error messages?

Weight: 20
High Risk: No
Required: Yes
Compliant Answer: Yes

Standard Guidance

EDUCAUSE provides no guidance here.

Answering "NO"

State plans to implement data input validation and error messaging across all components of your system.

Answering "YES"

Describe how your system(s) provide data input validation and error messages.

Reason for Question

Input validation is a secure coding best practice, so confirming its implementation is normally a high priority. Error messages (to the system and user) can be used to detect abnormal use and to better protect institutional data. Depending on the criticality of the data and how that data flows, each institution's risk tolerance will be unique to its environment.

Follow-Up Inquiries

Inquire about any planned improvements to these capabilities. Ask about the vendor's product roadmap, and try to understand how they prioritize security concerns in their environment.
