STIGQter STIGQter: STIG Summary: Windows Server 2012/2012 R2 Member Server Security Technical Implementation Guide Version: 2 Release: 17 Benchmark Date: 25 Oct 2019: The system must be configured to audit System - Security System Extension successes.

DISA Rule

SV-52974r1_rule

Vulnerability Number

V-26555

Group Title

Audit - Security System Extension - Success

Rule Version

WN12-AU-000109

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Advanced Audit Policy Configuration -> System Audit Policies -> System -> "Audit Security System Extension" with "Success" selected.

Check Contents

Security Option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" must be set to "Enabled" (V-14230) for the detailed auditing subcategories to be effective.

Use the AuditPol tool to review the current Audit Policy configuration:
-Open a Command Prompt with elevated privileges ("Run as Administrator").
-Enter "AuditPol /get /category:*".

Compare the AuditPol settings with the following. If the system does not audit the following, this is a finding.

System -> Security System Extension - Success

Vulnerability Number

V-26555

Documentable

False

Rule Version

WN12-AU-000109

Severity Override Guidance

Security Option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" must be set to "Enabled" (V-14230) for the detailed auditing subcategories to be effective.

Use the AuditPol tool to review the current Audit Policy configuration:
-Open a Command Prompt with elevated privileges ("Run as Administrator").
-Enter "AuditPol /get /category:*".

Compare the AuditPol settings with the following. If the system does not audit the following, this is a finding.

System -> Security System Extension - Success

Check Content Reference

M

Target Key

2350

Comments