Download
| Alert*
CCE-10917-3
Auditing of 'Account Management: Security Group Management' events on failure should be enabled or disabled as appropriate. CCE-10752-4 Auditing of 'Account Management: Application Group Management' events on failure should be enabled or disabled as appropriate. CCE-10391-1 Auditing of 'Object Access: Detailed File Share' events on success should be enabled or disabled as appropriate. CCE-10589-0 Auditing of 'Object Access:��File Share' events on failure should be enabled or disabled as appropriate. CCE-11038-7 Auditing of 'Detailed Tracking: Process Termination' events on success should be enabled or disabled as appropriate. CCE-10040-4 DEPRECATED In favor of CCE-18949-8, CCE-18927-4, CCE-18664-3 and CCE-18944-9 CCE-10445-5 Auditing of 'Account Logon: Other Account Logon Events' events on success should be enabled or disabled as appropriate. CCE-10808-4 Auditing of 'Audit directory service access' events on failure should be enabled or disabled as appropriate. CCE-11060-1 Auditing of 'Logon-Logoff: Logon' events on failure should be enabled or disabled as appropriate. CCE-10761-5 Auditing of 'Detailed Tracking: DPAPI Activity' events on success should be enabled or disabled as appropriate. CCE-11007-2 Auditing of 'System: Security State Change' events on success should be enabled or disabled as appropriate. CCE-11116-1 Auditing of 'System: Other System Events' events on failure should be enabled or disabled as appropriate. CCE-10197-2 Auditing of 'Privilege Use: Other Privilege Use Events' events on failure should be enabled or disabled as appropriate. CCE-11018-9 Auditing of 'Account Management: Other Account Management Events' events on failure should be enabled or disabled as appropriate. CCE-10530-4 Auditing of 'Policy Change: MPSSVC Rule-Level Policy Change' events on success should be enabled or disabled as appropriate. CCE-11029-6 Auditing of 'System: Security System Extension' events on success should be enabled or disabled as appropriate. CCE-10514-8 Auditing of 'Detailed Tracking: Process Creation' events on success should be enabled or disabled as appropriate. CCE-11001-5 Auditing of 'Account Management: Other Account Management Events' events on success should be enabled or disabled as appropriate. CCE-10201-2 Auditing of 'Account Management: Distribution Group Management' events on success should be enabled or disabled as appropriate. CCE-10247-5 Auditing of 'Account Management: User Account Management' events on failure should be enabled or disabled as appropriate. CCE-10743-3 Auditing of 'Object Access:��Filtering Platform Connection' events on failure should be enabled or disabled as appropriate. CCE-11069-2 Auditing of 'Detailed Tracking: Process Creation' events on failure should be enabled or disabled as appropriate. CCE-10491-9 Auditing of 'Object Access:��SAM' events on success should be enabled or disabled as appropriate. CCE-11034-6 Auditing of 'System: System Integrity' events on success should be enabled or disabled as appropriate. CCE-10214-5 Auditing of 'System: IPsec Driver' events on failure should be enabled or disabled as appropriate. CCE-11003-1 Auditing of 'Privilege Use: Sensitive Privilege Use' events on success should be enabled or disabled as appropriate. CCE-10203-8 Auditing of 'Account Management: User Account Management' events on success should be enabled or disabled as appropriate. CCE-10874-6 Auditing of 'Policy Change: Authentication Policy Change' events on failure should be enabled or disabled as appropriate. CCE-10523-9 Auditing of 'Account Management: Computer Account Management' events on failure should be enabled or disabled as appropriate. CCE-10060-2 Auditing of 'Audit process tracking' events on success should be enabled or disabled as appropriate. CCE-10741-7 Auditing of 'Account Management: Security Group Management' events on success should be enabled or disabled as appropriate. CCE-10950-4 Auditing of 'Object Access:��Certification Services' events on failure should be enabled or disabled as appropriate. CCE-11025-4 Auditing of 'Detailed Tracking: RPC Events' events on success should be enabled or disabled as appropriate. CCE-11169-0 Auditing of 'System: Security System Extension' events on failure should be enabled or disabled as appropriate. CCE-10689-8 Auditing of 'Audit account logon events' events on failure should be enabled or disabled as appropriate. CCE-10961-1 Auditing of 'Logon-Logoff: IPsec Extended Mode' events on success should be enabled or disabled as appropriate. CCE-10216-0 Auditing of 'Object Access:��Certification Services' events on success should be enabled or disabled as appropriate. CCE-10800-1 Auditing of 'DS Access: Directory Service Changes' events on success should be enabled or disabled as appropriate. CCE-10737-5 Auditing of 'Logon-Logoff: Special Logon' events on success should be enabled or disabled as appropriate. CCE-10822-5 Auditing of 'Global Object Access Auditing:��Registry' events on success should be enabled or disabled as appropriate. CCE-10790-4 Auditing of 'Policy Change: Authorization Policy Change' events on success should be enabled or disabled as appropriate. CCE-10979-3 Auditing of 'Object Access:��Other Object Access Events' events on failure should be enabled or disabled as appropriate. CCE-11042-9 Auditing of 'Global Object Access Auditing:��Registry' events on failure should be enabled or disabled as appropriate. CCE-11197-1 Auditing of 'Object Access:��Application Generated' events on failure should be enabled or disabled as appropriate. CCE-10999-1 Auditing of 'Logon-Logoff: IPsec Quick Mode' events on failure should be enabled or disabled as appropriate. CCE-10746-6 Auditing of 'Account Management: Application Group Management' events on success should be enabled or disabled as appropriate. CCE-11068-4 Auditing of 'Audit object access' events on failure should be enabled or disabled as appropriate. CCE-11079-1 Auditing of 'Account Logon: Kerberos Authentication Service' events on success should be enabled or disabled as appropriate. CCE-11856-2 The "Configure Windows NTP Client" machine setting should be configured correctly. CCE-10879-5 Auditing of 'System: Other System Events' events on success should be enabled or disabled as appropriate. CCE-10526-2 Auditing of 'Policy Change: Filtering Platform Policy Change' events on success should be enabled or disabled as appropriate. CCE-10988-4 Auditing of 'Object Access:��Registry' events on failure should be enabled or disabled as appropriate. CCE-11153-4 Auditing of 'Global Object Access Auditing:��File System' events on success should be enabled or disabled as appropriate. CCE-11107-0 Auditing of 'Logon-Logoff: Logon' events on success should be enabled or disabled as appropriate. CCE-10706-0 Auditing of 'Logon-Logoff: IPsec Quick Mode' events on success should be enabled or disabled as appropriate. CCE-10948-8 Auditing of 'Logon-Logoff: IPsec Main Mode' events on success should be enabled or disabled as appropriate. CCE-10959-5 Auditing of 'Object Access:��Handle Manipulation' events on failure should be enabled or disabled as appropriate. CCE-11160-9 Auditing of 'Policy Change: Authentication Policy Change' events on success should be enabled or disabled as appropriate. CCE-10285-5 Auditing of 'Object Access:��Filtering Platform Connection' events on success should be enabled or disabled as appropriate. CCE-10826-6 Auditing of 'Audit policy change' events on failure should be enabled or disabled as appropriate. CCE-10263-2 Auditing of 'Object Access:��File System' events on success should be enabled or disabled as appropriate. CCE-10728-4 Auditing of 'Object Access:��SAM' events on failure should be enabled or disabled as appropriate. CCE-10892-8 Auditing of 'System: Security State Change' events on failure should be enabled or disabled as appropriate. CCE-11193-0 Auditing of 'Detailed Tracking: DPAPI Activity' events on failure should be enabled or disabled as appropriate. CCE-10902-5 Auditing of 'Object Access:��Handle Manipulation' events on success should be enabled or disabled as appropriate. CCE-11064-3 Auditing of 'Logon-Logoff: Network Policy Server' events on failure should be enabled or disabled as appropriate. CCE-10132-9 Auditing of 'Policy Change: Authorization Policy Change' events on failure should be enabled or disabled as appropriate. CCE-10704-5 Auditing of 'Logon-Logoff: Account Lockout' events on failure should be enabled or disabled as appropriate. CCE-10385-3 Auditing of 'Policy Change: Audit Policy Change' events on success should be enabled or disabled as appropriate. CCE-10189-9 Auditing of 'Policy Change: MPSSVC Rule-Level Policy Change' events on failure should be enabled or disabled as appropriate. CCE-11173-2 Auditing of 'Privilege Use: Non Sensitive Privilege Use' events on success should be enabled or disabled as appropriate. CCE-11184-9 Auditing of 'Detailed Tracking: Process Termination' events on failure should be enabled or disabled as appropriate. CCE-11051-0 Auditing of 'Audit account management' events on failure should be enabled or disabled as appropriate. CCE-10848-0 Auditing of 'Audit object access' events on success should be enabled or disabled as appropriate. CCE-10119-6 Auditing of 'Policy Change: Audit Policy Change' events on failure should be enabled or disabled as appropriate. CCE-10860-5 Auditing of 'Account Management: Computer Account Management' events on success should be enabled or disabled as appropriate. CCE-10677-3 Auditing of 'Object Access:��Filtering Platform Packet Drop' events on success should be enabled or disabled as appropriate. CCE-11224-3 Auditing of 'Logon-Logoff: IPsec Extended Mode' events on failure should be enabled or disabled as appropriate. CCE-10400-0 Auditing of 'Privilege Use: Sensitive Privilege Use' events on failure should be enabled or disabled as appropriate. CCE-11148-4 Auditing of 'Object Access:��Filtering Platform Packet Drop' events on failure should be enabled or disabled as appropriate. CCE-11102-1 Auditing of 'Logon-Logoff: Logoff' events on success should be enabled or disabled as appropriate. CCE-10206-1 Auditing of 'DS Access: Directory Service Replication' events on success should be enabled or disabled as appropriate. CCE-10971-0 Auditing of 'Audit privilege use' events on failure should be enabled or disabled as appropriate. CCE-11113-8 Auditing of 'Logon-Logoff: Logoff' events on failure should be enabled or disabled as appropriate. CCE-10196-4 Auditing of 'Account Logon: Kerberos Service Ticket Operations' events on success should be enabled or disabled as appropriate. CCE-10884-5 Auditing of 'System: System Integrity' events on failure should be enabled or disabled as appropriate. CCE-10686-4 Auditing of 'DS Access: Directory Service Access' events on failure should be enabled or disabled as appropriate. CCE-10905-8 The 'Store passwords using reversible encryption' setting should be configured correctly. CCE-11006-4 Auditing of 'Policy Change: Filtering Platform Policy Change' events on failure should be enabled or disabled as appropriate. CCE-10818-3 Auditing of 'Global Object Access Auditing:��File System' events on failure should be enabled or disabled as appropriate. CCE-10224-4 Auditing of 'Object Access:��Registry' events on success should be enabled or disabled as appropriate. CCE-11179-9 Auditing of 'Logon-Logoff: Other Logon/Logoff Events' events on failure should be enabled or disabled as appropriate. CCE-10213-7 Auditing of 'Audit logon events' events on success should be enabled or disabled as appropriate. CCE-10668-2 Auditing of 'DS Access: Directory Service Access' events on success should be enabled or disabled as appropriate. CCE-10192-3 Auditing of 'Account Logon: Credential Validation' events on success should be enabled or disabled as appropriate. CCE-10755-7 Auditing of 'Account Logon: Other Account Logon Events' events on failure should be enabled or disabled as appropriate. CCE-10237-6 Auditing of 'Account Logon: Kerberos Service Ticket Operations' events on failure should be enabled or disabled as appropriate. CCE-10995-9 Auditing of 'Logon-Logoff: IPsec Main Mode' events on failure should be enabled or disabled as appropriate. CCE-10851-4 Auditing of 'Object Access:��Kernel Object' events on failure should be enabled or disabled as appropriate. CCE-11100-5 Auditing of 'Object Access: Detailed File Share' events on failure should be enabled or disabled as appropriate. CCE-10799-5 DEPRECATED CCE-10390-3 Auditing of 'System: IPsec Driver' events on success should be enabled or disabled as appropriate. CCE-11111-2 Auditing of 'Object Access:��Application Generated' events on success should be enabled or disabled as appropriate. CCE-10220-2 Auditing of 'Object Access:��Kernel Object' events on success should be enabled or disabled as appropriate. CCE-10571-8 The 'Accounts: Administrator account status' setting should be configured correctly. CCE-10834-0 Auditing of 'Logon-Logoff: Account Lockout' events on success should be enabled or disabled as appropriate. CCE-10680-7 Auditing of 'Policy Change: Other Policy Change Events' events on success should be enabled or disabled as appropriate. CCE-11187-2 Auditing of 'Privilege Use: Non Sensitive Privilege Use' events on failure should be enabled or disabled as appropriate. CCE-10024-8 The 'Network access: Allow anonymous SID/Name translation' setting should be configured correctly. CCE-11065-0 Auditing of 'DS Access: Directory Service Changes' events on failure should be enabled or disabled as appropriate. CCE-10593-2 Auditing of 'Privilege Use: Other Privilege Use Events' events on success should be enabled or disabled as appropriate. CCE-10967-8 Auditing of 'Object Access:��File System' events on failure should be enabled or disabled as appropriate. CCE-10233-5 Auditing of 'Account Logon: Kerberos Authentication Service' events on failure should be enabled or disabled as appropriate. CCE-10869-6 Auditing of 'Logon-Logoff: Other Logon/Logoff Events' events on success should be enabled or disabled as appropriate. CCE-10976-9 The built-in Administrator account should be correctly named. CCE-10222-8 Auditing of 'Audit account management' events on success should be enabled or disabled as appropriate. CCE-11056-9 Auditing of 'DS Access: Detailed Directory Service Replication' events on success should be enabled or disabled as appropriate. CCE-11021-3 Auditing of 'Object Access:��File Share' events on success should be enabled or disabled as appropriate. CCE-10601-3 Auditing of 'Audit process tracking' events on failure should be enabled or disabled as appropriate. CCE-11078-3 Auditing of 'Logon-Logoff: Special Logon' events on failure should be enabled or disabled as appropriate. CCE-11032-0 Auditing of 'Policy Change: Other Policy Change Events' events on failure should be enabled or disabled as appropriate. CCE-10575-9 Auditing of 'Audit account logon events' events on success should be enabled or disabled as appropriate. CCE-10936-3 DEPRECATED: Does not apply to Windows Server 2008 r2 CCE-10209-5 Auditing of 'Audit directory service access' events on success should be enabled or disabled as appropriate. CCE-10707-8 Auditing of 'Audit logon events' events on failure should be enabled or disabled as appropriate. CCE-10803-5 Auditing of 'Audit policy change' events on success should be enabled or disabled as appropriate. CCE-10240-0 Auditing of 'Account Management: Distribution Group Management' events on failure should be enabled or disabled as appropriate. CCE-11061-9 Auditing of 'Detailed Tracking: RPC Events' events on failure should be enabled or disabled as appropriate. CCE-10949-6 The 'Network access: Remotely accessible registry paths' setting should be configured correctly. CCE-11170-8 Auditing of 'Object Access:��Other Object Access Events' events on success should be enabled or disabled as appropriate. CCE-9932-5 Auditing of 'Audit privilege use' events on success should be enabled or disabled as appropriate. CCE-11087-4 Auditing of 'DS Access: Directory Service Replication' events on failure should be enabled or disabled as appropriate. CCE-10716-9 Auditing of 'Audit system events' events on failure should be enabled or disabled as appropriate. CCE-10847-2 Auditing of 'Logon-Logoff: Network Policy Server' events on success should be enabled or disabled as appropriate. CCE-10035-4 DEPRECATED in favor of CCE-18889-6, CCE-18983-7, CCE-18973-8 and CCE-18808-6 CCE-10738-3 Auditing of 'Account Logon: Credential Validation' events on failure should be enabled or disabled as appropriate. CCE-11074-2 Auditing of 'DS Access: Detailed Directory Service Replication' events on failure should be enabled or disabled as appropriate. CCE-10923-1 Auditing of 'Audit system events' events on success should be enabled or disabled as appropriate. |