The required permissions for the file %SystemRoot%\System32\cacls.exe should be assigned. (1) set of accounts (2) list of permissions (3) applicability (1) defined by the object's DACL CCE-977 cacls.exe ACL (CID:2005) 4.4.1.4 %SystemRoot%\system32\cacls.exe %SystemRoot%\System32\cacls.exe Table: 9.4 Value: Administrators: Full System: Full cacls.exePermissions oval:gov.nist.1:def:131 cacls.exePermissions oval:gov.nist.fdcc.xp:def:131 oval:gov.nist.usgcb.xp:def:131 BITS Shared Assessments SIG v6.0 Jericho Forum HIPAA/HITECH Act FedRAMP Security Controls(Final Release Jan 2012)--LOW IMPACT LEVEL-- ISO/IEC 27001-2005 COBIT 4.1 GAPP (Aug 2009) NERC CIP NIST SP800-53 R3 AC-3 NIST SP800-53 R3 CM-6 PCIDSS v2.0 FedRAMP Security Controls(Final Release Jan 2012)--MODERATE IMPACT LEVEL-- BITS Shared Assessments AUP v5.0 CCE Version 4.2 2008-02-15 DISA Gold Disk for Windows XP check names DISA 2006-09-29 5.1.6 Windows XP Professional Operating System Legacy, Enterprise, and Specialized Security Benchmark Consensus Baseline Security Settings The Center for Internet Security 2004-10-20 Version 1.3 Jeff Shawgo Sidney Faber Prose(pdf) Guidance for Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist NIST 2005-10-01 Murugiah Souppaya Karen Kent Paul M. Johnson Prose(pdf) SP 800-68: Guidance for Securing Microsoft Windows XP Systems for IT Professional NIST 2006-10-10 Murugiah Souppaya Karen Kent Paul M. Johnson Stephen Quinn Peter Mell Linda Devlin XCCDF SP 800-68: Guidance for Securing Microsoft Windows XP Systems for IT Professional NIST 2006-10-10 OVAL FDCC: Guidance for Securing Microsoft Windows XP Systems for IT Professional (XCCDF Benchmark) NIST 2008-01-10 XCCDF FDCC: Guidance for Securing Microsoft Windows XP Systems for IT Professional (OVAL Definitions) NIST 2008-01-10 OVAL SCAP Repo OVAL Definition 2012-04-13 BITS Shared Assessments SIG v6.0 2012-10-12 Jericho Forum 2012-10-12 HIPAA/HITECH Act 2012-10-12 ISO/IEC 27001-2005 2012-10-12 COBIT 4.1 2012-10-12 GAPP (Aug 2009) 2012-10-12 NERC CIP 2012-10-12 NIST SP800-53 R3 2012-10-12 PCIDSS v2.0 2012-10-12 BITS Shared Assessments AUP v5.0 2012-10-12