SI-10(6)

Injection Prevention

System and Information Integrity (SI)
Baselines
Low · Not included
Moderate · Not included
High · Not included
Description

Prevent untrusted data injections.

Discussion

Untrusted data injections may be prevented using a parameterized interface or output escaping (output encoding). Parameterized interfaces separate data from code so that injections of malicious or unintended data cannot change the semantics of commands being sent. Output escaping uses specified characters to inform the interpreter’s parser whether data is trusted. Prevention of untrusted data injections is with respect to the information inputs defined by the organization in the base control ([SI-10](#si-10)).
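The following is an added example, not part of the control catalog text, showing both techniques from the discussion: a parameterized SQL interface beside the concatenated form it replaces, and output escaping for an HTML context. The table, function names, and input strings are constructed for illustration.

```python
import html
import sqlite3

def make_db():
    """Build a constructed in-memory accounts table (sample data only)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("alice", 100), ("bob", 250), ("o'brien", 10)])
    return db

def lookup_concatenated(db, owner):
    """Weak form: input is spliced into the command text, so the SQL parser
    interprets any quote characters in it as part of the statement."""
    query = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, owner):
    """Parameterized interface: the command text is fixed and the input is
    bound as a value, so it cannot change the statement's semantics."""
    return db.execute(
        "SELECT owner, balance FROM accounts WHERE owner = ?", (owner,)
    ).fetchall()

def render_greeting(name):
    """Output escaping: markup characters are encoded so the HTML parser
    treats the input as text, not as tags or attributes."""
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"

# Constructed untrusted inputs for the demonstration.
UNTRUSTED_OWNER = "nobody' OR '1'='1"
UNTRUSTED_NAME = '<img src=x onerror="alert(1)">'

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", lookup_concatenated(db, UNTRUSTED_OWNER))
    print("parameterized:", lookup_parameterized(db, UNTRUSTED_OWNER))
    # Legitimate data containing a quote also works when bound as a parameter.
    print("parameterized:", lookup_parameterized(db, "o'brien"))
    print("escaped      :", render_greeting(UNTRUSTED_NAME))
```

The concatenated lookup also fails on the legitimate value `o'brien` with a syntax error, which shows that the defect is the mixing of data and command text rather than any particular input.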

Implementation guidance

No content available.

CSF 2.0 crosswalk

No CSF mappings exist for this control.