SV-220763r569187_rule
V-220763
SRG-OS-000474-GPOS-00219
WN10-AU-000083
CAT II
10
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Object Access >> "Audit Other Object Access Events" with "Success" selected.
Security Option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" must be set to "Enabled" (WN10-SO-000030) for the detailed auditing subcategories to be effective.
Use the AuditPol tool to review the current Audit Policy configuration:
Open PowerShell or a Command Prompt with elevated privileges ("Run as Administrator").
Enter "AuditPol /get /category:*"
Compare the AuditPol settings with the following:
Object Access >> Other Object Access Events - Success
If the system does not audit the above, this is a finding.
V-220763
False
WN10-AU-000083
Security Option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" must be set to "Enabled" (WN10-SO-000030) for the detailed auditing subcategories to be effective.
Use the AuditPol tool to review the current Audit Policy configuration:
Open PowerShell or a Command Prompt with elevated privileges ("Run as Administrator").
Enter "AuditPol /get /category:*"
Compare the AuditPol settings with the following:
Object Access >> Other Object Access Events - Success
If the system does not audit the above, this is a finding.
M
4072