STIGQter STIGQter: STIG Summary: Microsoft Windows Server 2012/2012 R2 Member Server Security Technical Implementation Guide Version: 3 Release: 2 Benchmark Date: 04 May 2021:

Windows Server 2012/2012 R2 must be configured to audit System - Other System Events failures.

DISA Rule

SV-225301r569185_rule

Vulnerability Number

V-225301

Group Title

SRG-OS-000064-GPOS-00033

Rule Version

WN12-AU-000106

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> System >> "Audit Other System Events" with "Failure" selected.

Check Contents

Security Option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" must be set to "Enabled" (V-14230) for the detailed auditing subcategories to be effective.

Use the AuditPol tool to review the current Audit Policy configuration:

Open an elevated "Command Prompt" (run as administrator).

Enter "AuditPol /get /category:*".

Compare the AuditPol settings with the following.

If the system does not audit the following, this is a finding.

System >> Other System Events - Failure

Vulnerability Number

V-225301

Documentable

False

Rule Version

WN12-AU-000106

Severity Override Guidance

Security Option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" must be set to "Enabled" (V-14230) for the detailed auditing subcategories to be effective.

Use the AuditPol tool to review the current Audit Policy configuration:

Open an elevated "Command Prompt" (run as administrator).

Enter "AuditPol /get /category:*".

Compare the AuditPol settings with the following.

If the system does not audit the following, this is a finding.

System >> Other System Events - Failure

Check Content Reference

M

Target Key

4214

Comments