SV-33659r1_rule
V-26552
Audit - IPSec Driver - Failure
WINAU-000951
CAT II
10
Detailed auditing subcategories are configured in Security Settings -> Advanced Audit Policy Configuration. The summary level settings under Security Settings -> Local Policies -> Audit Policy will not be enforced (see V-14230).
Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Advanced Audit Policy Configuration -> System Audit Policies -> System -> "Audit IPSec Driver" with “Failure” selected.
Security Option “Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings” must be set to “Enabled” (V-14230) for the detailed auditing subcategories to be effective.
Use the AuditPol tool to review the current Audit Policy configuration:
-Open a Command Prompt with elevated privileges (“Run as Administrator”).
-Enter “AuditPol /get /category:*”.
Compare the Auditpol settings with the following. If the system does not audit the following, this is a finding:
System -> IPSec Driver - Failure
V-26552
False
WINAU-000951
Security Option “Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings” must be set to “Enabled” (V-14230) for the detailed auditing subcategories to be effective.
Use the AuditPol tool to review the current Audit Policy configuration:
-Open a Command Prompt with elevated privileges (“Run as Administrator”).
-Enter “AuditPol /get /category:*”.
Compare the Auditpol settings with the following. If the system does not audit the following, this is a finding:
System -> IPSec Driver - Failure
M
System Administrator
1823