Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Windows 10 must have command line process auditing events enabled for failures.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-257589 | WN10-AU-000585 | SV-257589r953811_rule | Medium |
| Description |
|---|
| When this policy setting is enabled, the operating system generates audit events when a process fails to start and the name of the program or user that created it. These audit events can assist in understanding how a computer is being used and tracking user activity. |
| STIG | Date |
|---|---|
| Microsoft Windows 10 Security Technical Implementation Guide | 2024-02-21 |
Details
| Check Text ( C-61326r951143_chk ) |
|---|
| Ensure Audit Process Creation auditing has been enabled: Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >>System Audit Policies >> Detailed Tracking >> Audit Process Creation". If "Audit Process Creation" is not set to "Failure", this is a finding. |
| Fix Text (F-61250r951144_fix) |
|---|
| Go to Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >>System Audit Policies >> Detailed Tracking >> Audit Process Creation is set to "failure". |