Auditing of 'Audit account logon events' events on success should be enabled or disabled as appropriate.
enabled/disabled
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit account logon events
(2) WMI: Namespace = root\rsop\computer; Class = RSOP_AuditPolicy; Property = Success, Failure; Where = Category='AuditAccountLogon' and precedence=1
CCE-2628
Worksheet: Audit Policy Settings; Row: 56
Setting Index #15: This policy setting determines whether to audit each instance of a user who logs on to or off from another computer that validates the account.
oval:org.secpod.oval:def:14741
HIPAA/HITECH Act
Jericho Forum
BITS Shared Assessments SIG v6.0
FedRAMP Security Controls(Final Release Jan 2012)--LOW IMPACT LEVEL--
ISO/IEC 27001-2005
COBIT 4.1
GAPP (Aug 2009)
NERC CIP
NIST SP800-53 R3 AU-2
PCIDSS v2.0
FedRAMP Security Controls(Final Release Jan 2012)--MODERATE IMPACT LEVEL--
BITS Shared Assessments AUP v5.0
CCE Version 4.2
2008-02-15
Microsoft Security Compliance Management Toolkit for Windows 7, Windows 7 Security Baseline Settings.xlsm
2009-10-01
Microsoft Security Compliance Management Toolkit for Windows 7, Windows 7 Security Baseline.xml
2009-10-01
SCAP Repo OVAL Definition
2013-08-13
HIPAA/HITECH Act
2012-10-12
Jericho Forum
2012-10-12
BITS Shared Assessments SIG v6.0
2012-10-12
ISO/IEC 27001-2005
2012-10-12
COBIT 4.1
2012-10-12
GAPP (Aug 2009)
2012-10-12
NERC CIP
2012-10-12
NIST SP800-53 R3
2012-10-12
PCIDSS v2.0
2012-10-12
BITS Shared Assessments AUP v5.0
2012-10-12