Hello Federal and Government members,
I'm working on a document that addresses how my company's Solarwinds implementation is configured to meet the FedRAMP-Moderate controls. I was asked a question that I think only Solarwinds can answer but I'll post it here in case anyone has run into answering these questions in the past and knows how to obtain answers for these types of questions. I have case # 00280979 opened with Solarwinds but all I've heard so far is that they are reviewing my request internally.
Here's the question:
Does Solarwinds software check the validity of syntax and semantics for the following type of information system inputs to verify that the inputs match specified definitions for format and content, and ensure accurate and correct inputs that can prevent attacks such as cross-site scripting, SQL injection, etc.
• character set
• numerical range
• acceptable values
Furthermore, does Solarwinds software Input validation prevent inputs from causing wrong operations or otherwise interpret data incorrectly?
As a reference, here's the control this question originated from: https://nvd.nist.gov/800-53/Rev4/control/SI-10
I suspect this won't be the first question like this I'll have to obtain an answer for. If anyone has any experience on how to get these types of questions answered, I'd really appreciate a pointer to the right direction.
PS: If this helps, we are using NPM, SAM, IPAM, and Kiwi Syslog Server.