Auditing of 'Detailed Tracking: DPAPI Activity' events on failure should be enabled or disabled as appropriate. enabled/disabled (1) Commandline: auditpol.exe CCE-699 Worksheet: Audit Policy Settings; Row: 32 Setting Index #392: The Detailed Tracking audit category determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access. This setting deals with the DPAPI Activity. oval:org.secpod.oval:def:14752 BITS Shared Assessments SIG v6.0 Jericho Forum HIPAA/HITECH Act FedRAMP Security Controls(Final Release Jan 2012)--LOW IMPACT LEVEL-- ISO/IEC 27001-2005 COBIT 4.1 GAPP (Aug 2009) NERC CIP NIST SP800-53 R3 AU-2 PCIDSS v2.0 FedRAMP Security Controls(Final Release Jan 2012)--MODERATE IMPACT LEVEL-- BITS Shared Assessments AUP v5.0 CCE Version 4.2 2008-02-15 Microsoft Security Compliance Management Toolkit for Windows 7, Windows 7 Security Baseline Settings.xlsm 2009-10-01 Microsoft Security Compliance Management Toolkit for Windows 7, Windows 7 Security Baseline.xml 2009-10-01 SCAP Repo OVAL Definition 2013-08-13 BITS Shared Assessments SIG v6.0 2012-10-12 Jericho Forum 2012-10-12 HIPAA/HITECH Act 2012-10-12 ISO/IEC 27001-2005 2012-10-12 COBIT 4.1 2012-10-12 GAPP (Aug 2009) 2012-10-12 NERC CIP 2012-10-12 NIST SP800-53 R3 2012-10-12 PCIDSS v2.0 2012-10-12 BITS Shared Assessments AUP v5.0 2012-10-12