[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97559

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

Audit: Shut down system immediately if unable to log security audits

ID: oval:org.secpod.oval:def:22817Date: (C)2015-01-07   (M)2017-10-31
Class: COMPLIANCEFamily: windows




This policy setting determines whether the system shuts down if it is unable to log Security events. It is a requirement for Trusted Computer System Evaluation Criteria (TCSEC)-C2 and Common Criteria certification to prevent auditable events from occurring if the audit system is unable to log them. Microsoft has chosen to meet this requirement by halting the system and displaying a stop message if the auditing system experiences a failure. When this policy setting is enabled, the system will be shut down if a security audit cannot be logged for any reason. If the Audit: Shut down system immediately if unable to log security audits setting is enabled, unplanned system failures can occur. Therefore, this policy setting is configured to Not Defined for both of the environments that are discussed in this chapter. This policy setting determines whether the system shuts down if it is unable to log Security events. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options!Audit: Shut down system immediately if unable to log security audits (2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa!crashonauditfail

Platform:
Microsoft Windows Server 2012 R2
Reference:
CCE-35907-5
CPE    1
cpe:/o:microsoft:windows_server_2012::r2:x64
CCE    1
CCE-35907-5
XCCDF    6
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_2012_R2
xccdf_org.secpod_benchmark_PCI_Windows_2012_R2
xccdf_org.secpod_benchmark_PCI_3_2_Windows_Server_2012_R2
xccdf_org.secpod_benchmark_ISO27001_Windows_2012_R2
...

© 2013 SecPod Technologies