STIGQter: STIG Summary: Windows 10 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 04 May 2021: STIGQter: STIG Summary: Windows 10 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 04 May 2021:SV-220790r569187_rule
V-220790
SRG-OS-000037-GPOS-00015
WN10-AU-000575
CAT II
10
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Policy Change >> “Audit MPSSVC Rule-Level Policy Change" with "Success" selected.
Security Option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" must be set to "Enabled" (WN10-SO-000030) for the detailed auditing subcategories to be effective.
Use the AuditPol tool to review the current Audit Policy configuration:
Open a Command Prompt with elevated privileges ("Run as Administrator").
Enter "AuditPol /get /category:*".
Compare the AuditPol settings with the following. If the system does not audit the following, this is a finding:
Policy Change >> MPSSVC Rule-Level Policy Change - Success
V-220790
False
WN10-AU-000575
Security Option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" must be set to "Enabled" (WN10-SO-000030) for the detailed auditing subcategories to be effective.
Use the AuditPol tool to review the current Audit Policy configuration:
Open a Command Prompt with elevated privileges ("Run as Administrator").
Enter "AuditPol /get /category:*".
Compare the AuditPol settings with the following. If the system does not audit the following, this is a finding:
Policy Change >> MPSSVC Rule-Level Policy Change - Success
M
4072