STIGQter: STIG Summary: Windows 10 Security Technical Implementation Guide Version: 1 Release: 19 Benchmark Date: 25 Oct 2019: The system must be configured to audit System - IPSec Driver successes.

DISA Rule

SV-77985r1_rule

Vulnerability Number

V-63495

Group Title

WN10-AU-000125

Rule Version

WN10-AU-000125

Severity

CAT II

CCI(s)

• CCI-000172 - The information system generates audit records for the events defined in AU-2 d. with the content defined in AU-3.

Weight

10

Fix Recommendation

Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> System >> "Audit IPSec Driver" with "Success" selected.

Check Contents

Security Option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" must be set to "Enabled" (WN10-SO-000030) for the detailed auditing subcategories to be effective.

Use the AuditPol tool to review the current Audit Policy configuration:
Open a Command Prompt with elevated privileges ("Run as Administrator").
Enter "AuditPol /get /category:*".

Compare the AuditPol settings with the following. If the system does not audit the following, this is a finding:"

System >> IPSec Driver - Success

Vulnerability Number

V-63495

Documentable

False

Rule Version

WN10-AU-000125

Severity Override Guidance

Security Option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" must be set to "Enabled" (WN10-SO-000030) for the detailed auditing subcategories to be effective.

Use the AuditPol tool to review the current Audit Policy configuration:
Open a Command Prompt with elevated privileges ("Run as Administrator").
Enter "AuditPol /get /category:*".

Compare the AuditPol settings with the following. If the system does not audit the following, this is a finding:"

System >> IPSec Driver - Success

Check Content Reference

M

Target Key

2885

Comments