[Forgot Password]
Login  Register Subscribe

24002

 
 

127027

 
 

102010

 
 

909

 
 

81374

 
 

133

Paid content will be excluded from the download.


Download | Alert*
OVAL

System: Audit Security System Extension

ID: oval:gov.nist.usgcb.windowsseven:def:203Date: (C)2012-04-13   (M)2018-02-19
Class: COMPLIANCEFamily: windows




This policy setting allows you to audit events related to security system extensions or services such as the following: A security system extension, such as an authentication, notification, or security package is loaded and is registered with the Local Security Authority (LSA). It is used to authenticate logon attempts, submit logon requests, and any account or password changes. Examples of security system extensions are Kerberos and NTLM. A service is installed and registered with the Service Control Manager. The audit log contains information about the service name, binary, type, start type, and service account. If you configure this policy setting, an audit event is generated when an attempt is made to load a security system extension. Success audits record successful attempts and Failure audits record unsuccessful attempts. If you do not configure this policy setting, no audit event is generated when an attempt is made to load a security system extension. Volume: Low. Security system extension events are generated more often on a domain controller than on client computers or member servers. Default: No Auditing. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\System\Audit Security System Extension (2) REG: INFO NOT AVAILABLE

Platform:
Microsoft Windows 7
Reference:
CCE-9863-2
CPE    1
cpe:/o:microsoft:windows_7
CCE    1
CCE-9863-2
XCCDF    12
xccdf_org.secpod_benchmark_Windows_7
xccdf_org.secpod_benchmark_general_Windows_7
xccdf_org.secpod_benchmark_NIST_800_171_R1_Windows_7
xccdf_org.secpod_benchmark_ISO27001_Windows_7
...

© 2013 SecPod Technologies