[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Ensure Audit Success and Failure for 'Audit Policy; Audit system events'

ID: oval:org.secpod.oval:def:14813Date: (C)2013-08-13   (M)2022-10-10
Class: COMPLIANCEFamily: windows




This security setting determines whether the OS audits any of the following events: * Attempted system time change * Attempted security system startup or shutdown * Attempt to load extensible authentication components * Loss of audited events due to auditing system failure * Security log size exceeding a configurable warning threshold level. If this policy setting is defined, the administrator can specify whether to audit only successes, only failures, both successes and failures, or to not audit these events at all (i.e. neither successes nor failures). If Success auditing is enabled, an audit entry is generated each time the OS performs one of these activities successfully. If Failure auditing is enabled, an audit entry is generated each time the OS attempts and fails to perform one of these activities. Default: Security State Change Success Security System Extension No Auditing System Integrity Success, Failure IPsec Driver No Auditing Other System Events Success, Failure Important: For more control over auditing policies, use the settings in the Advanced Audit Policy Configuration node. For more information about Advanced Audit Policy Configuration, see http://go.microsoft.com/fwlink/?LinkId=140969. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit system events (2) REG: INFO NOT AVAILABLE

Platform:
Microsoft Windows 7
Reference:
CCE-9990-3
CPE    1
cpe:/o:microsoft:windows_7
CCE    1
CCE-9990-3
XCCDF    2
xccdf_nist_benchmark_Windows_7
xccdf_org.secpod_benchmark_cip_std_ver3_Windows_7

© SecPod Technologies