CCE-99847-6
Platform: cpe:/o:microsoft:windows_server_2019 | Date: (C)2023-05-09 (M)2023-07-04
This policy setting allows you to audit user attempts to access file system objects on a removable storage device. A security audit event is generated for all objects and for all types of access requested. If you configure this policy setting, an audit event is generated each time an account accesses a file system object on a removable storage device. Success audits record successful attempts and Failure audits record unsuccessful attempts. If you do not configure this policy setting, no audit event is generated when an account accesses a file system object on a removable storage device.
The recommended state for this setting is: Success and Failure.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Object Access\Audit Policy: Object Access: Removable Storage
(2) REG: NO REGISTRY INFO
Parameter:
[success/failure/success_failure/none]
Technical Mechanism:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Object Access\Audit Policy: Object Access: Removable Storage
| CCSS Severity | CCSS Metrics |
|---|---|
| CCSS Score: 4.9 | Attack Vector: PHYSICAL |
| Exploit Score: 0.7 | Attack Complexity: LOW |
| Impact Score: 4.2 | Privileges Required: LOW |
| Severity: MEDIUM | User Interaction: NONE |
| Vector: AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N | Scope: UNCHANGED |
| | Confidentiality: HIGH |
| | Integrity: LOW |
| | Availability: NONE |
References:

| Resource Id | Reference |
|---|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:89595 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:89600 |