STIGQter STIGQter: STIG Summary: Windows Server 2016 Security Technical Implementation Guide Version: 1 Release: 10 Benchmark Date: 24 Jan 2020: Windows Server 2016 must be configured to audit Account Logon - Credential Validation successes.

DISA Rule

SV-88065r1_rule

Vulnerability Number

V-73413

Group Title

SRG-OS-000470-GPOS-00214

Rule Version

WN16-AU-000070

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Account Logon >> "Audit Credential Validation" with "Success" selected.

Check Contents

Security Option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" must be set to "Enabled" (WN16-SO-000050) for the detailed auditing subcategories to be effective.

Use the AuditPol tool to review the current Audit Policy configuration:

Open an elevated "Command Prompt" (run as administrator).

Enter "AuditPol /get /category:*".

Compare the AuditPol settings with the following.

If the system does not audit the following, this is a finding.

Account Logon >> Credential Validation - Success

Vulnerability Number

V-73413

Documentable

False

Rule Version

WN16-AU-000070

Severity Override Guidance

Security Option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" must be set to "Enabled" (WN16-SO-000050) for the detailed auditing subcategories to be effective.

Use the AuditPol tool to review the current Audit Policy configuration:

Open an elevated "Command Prompt" (run as administrator).

Enter "AuditPol /get /category:*".

Compare the AuditPol settings with the following.

If the system does not audit the following, this is a finding.

Account Logon >> Credential Validation - Success

Check Content Reference

M

Target Key

3157

Comments