Win2k8 Audit

Overview

Version	Date	Finding Count (12)			Downloads
6	2013-06-10	CAT I (High): 0	CAT II (Med): 7	CAT III (Low): 5	Excel	JSON	XML

STIG Description
The Windows 2008 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements were developed from DoD consensus, as well as the Windows 2008 Security Guide and security templates published by Microsoft Corporation. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.letterkenny.FSO.mbx.stig-customer-support-mailbox@mail.mil.

STIG Description

The Windows 2008 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements were developed from DoD consensus, as well as the Windows 2008 Security Guide and security templates published by Microsoft Corporation. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.letterkenny.FSO.mbx.stig-customer-support-mailbox@mail.mil.

Available Profiles

Classified	Public	Sensitive
Audit and Audit Log Checks	I - Mission Critial Classified	I - Mission Critial Public	I - Mission Critial Sensitive	II - Mission Support Classified	II - Mission Support Public	II - Mission Support Sensitive	III - Administrative Classified	III - Administrative Public	III - Administrative Sensitive

Findings (MAC Audit and Audit Log Checks)

Finding ID	Severity	Title	Description
V-1080	Medium	File-auditing configuration does not meet minimum requirements.	Improper modification of the core system files can render a system inoperable. Further, modifications to these system files can have a significant impact on the security configuration of the...
V-6850	Medium	Auditing records are configured as required.	Maintaining an audit trail of system activity logs can help identify configuration errors, troubleshoot service disruptions, analyze compromises that have occurred as well as detect an attack that...
V-1118	Medium	Event log sizes do not meet minimum requirements.	Inadequate log size will cause the log to fill up quickly and require frequent clearing by administrative personnel.
V-14229	Medium	Audit of Backup and Restore Privileges is not turned off.	This policy setting stops the system from generating audit events for every file backed up or restored which could fill the Security log in Windows.
V-14228	Medium	Audit Access to Global System Objects is not turned off.	This policy setting stops the system from setting up a default system access control list for certain system objects which could create a very large number of security events filling the Security...
V-14230	Medium	Audit policy using subcategories is enabled.	This policy setting allows administrators to enable the more precise auditing capabilities present in Windows Vista and later.
V-15715	Medium	Error Reporting – Windows Error Reporting	This check verifies that Error Reporting is disabled.
V-15672	Low	Event Viewer Events.asp Links are not diabled.	This check verifies that Events.asp hyperlinks in Event Viewer are not available.
V-4108	Low	The system does not generate an audit event when the audit log reaches a percent full threshold.	When the audit log reaches a given percent full, an audit event is written to the security log. The event ID is 523 and is recorded as a success audit under the category of System. This option may...
V-15707	Low	Remote Assistance – Session Logging	This check verifies that Remote Assistance log files will be generated.
V-15714	Low	Error Reporting – Logging	This check verifies that Error Reporting events will be logged in the system event log.
V-15717	Low	Error Reporting – Additional Data	This check verifies that additional data requests in response to Error Reporting will be declined.