UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Auditing must be configured as required.


Overview

Finding ID Version Rule ID IA Controls Severity
V-6850 4.008 SV-16966r2_rule ECAR-2 ECAR-3 Medium
Description
Maintaining an audit trail of system activity logs can help identify configuration errors, troubleshoot service disruptions, and analyze compromises that have occurred, as well as detect attacks. Audit logs are necessary to provide a trail of evidence in case the system or network is compromised. Collecting this data is essential for analyzing the security of information assets and detecting signs of suspicious and unexpected behavior.
STIG Date
Windows Vista Security Technical Implementation Guide 2015-01-05

Details

Check Text ( None )
None
Fix Text (F-43380r2_fix)
Configure the system to audit subcategories as outlined below.

Open a Command Prompt with elevated privileges. (Run as administrator).
Execute the following command for each subcategory.
Auditpol /set /subcategory:"subcategory name" /success:enable(disable) /failure:enable(disable)
(Include the quotes around the subcategory name).

System
Security System Extension - Success and Failure
System Integrity - Success and Failure
IPSec Driver - Success and Failure
Security State Change - Success and Failure

Logon/Logoff
Logon - Success and Failure
Logoff - Success
Special Logon - Success

Object Access
File System - Failure
Registry - Failure

Privilege Use
Sensitive Privilege Use - Success and Failure

Detailed Tracking
Process Creation - Success

Policy Change
Audit Policy Change - Success and Failure
Authentication Policy Change - Success

Account Management
User Account Management - Success and Failure
Computer Account Management - Success and Failure
Security Group Management - Success and Failure
Other Account Management Events - Success and Failure

Account Logon
Credential Validation - Success and Failure