
Registry key auditing configuration does not meet minimum requirements.


Overview

Finding ID: V-1088
Version: 3.010
Rule ID: SV-29631r2_rule
IA Controls: ECAR-3
Severity: Medium
Description
Improper modification of the Registry can render a system useless. Modifications to the Registry can have a significant impact on the security configuration of the system. Auditing of significant modifications made to the Registry provides a method of determining the responsible party.
STIG Date
Windows 2008 Member Server Security Technical Implementation Guide 2012-08-28

Details

Check Text ( C-41199r1_chk )
Verify system level auditing of object access is properly configured (see V-6850 “Object access - Registry”). If this is not configured to audit “Failure”, this requirement is a finding.

Verify detailed registry auditing is configured.
Run “Regedit”.
Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE and HKEY_LOCAL_MACHINE\SYSTEM keys.
On the menu bar, select “Edit” then “Permissions”.
Click on the “Advanced” button.
Select the “Auditing” tab.
Verify the following is configured:
Type - Fail
Name - Everyone
Access - Full Control
Apply to - This key and subkeys

If the “Everyone” group, at a minimum, is not being audited for all failures, this is a finding.
Fix Text (F-28953r1_fix)
Configure the HKEY_LOCAL_MACHINE\SOFTWARE and HKEY_LOCAL_MACHINE\SYSTEM keys to audit the Everyone Group for all failures. Audit settings should be propagated to subkeys.
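
The Check Text procedure above can also be run as a script. The following is an added example, not part of the STIG: the function name Test-RegistryFailureAudit is hypothetical, and the script assumes an elevated session (reading a SACL requires the "Manage auditing and security log" right) and English-language auditpol output.

```powershell
# Added example: scripted form of the manual Regedit check.
# Looks for one audit rule: Type=Fail, Name=Everyone, Access=Full Control,
# Apply to=This key and subkeys.
$AC = 'System.Security.AccessControl'
$fullControl = [Enum]::Parse("$AC.RegistryRights", 'FullControl')

function Test-RegistryFailureAudit {          # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$Path)

    # -Audit makes Get-Acl return the SACL as well as the DACL.
    $acl = Get-Acl -Path $Path -Audit
    # Translate identities to SIDs so the test does not depend on the
    # localized name of the Everyone group (well-known SID S-1-1-0).
    $rules = $acl.GetAuditRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])

    foreach ($r in $rules) {
        $isEveryone = $r.IdentityReference.Value -eq 'S-1-1-0'
        $auditsFail = ($r.AuditFlags -band [Enum]::Parse("$AC.AuditFlags", 'Failure')) -ne 0
        $isFull     = ($r.RegistryRights -band $fullControl) -eq $fullControl
        # "This key and subkeys" = ContainerInherit with no propagation limits.
        $toSubkeys  = ($r.InheritanceFlags -band
                       [Enum]::Parse("$AC.InheritanceFlags", 'ContainerInherit')) -ne 0
        $noLimit    = $r.PropagationFlags -eq [Enum]::Parse("$AC.PropagationFlags", 'None')
        if ($isEveryone -and $auditsFail -and $isFull -and $toSubkeys -and $noLimit) {
            return $true
        }
    }
    return $false
}

foreach ($hive in 'HKLM:\SOFTWARE', 'HKLM:\SYSTEM') {
    if (Test-RegistryFailureAudit -Path $hive) { "${hive}: audit entry present" }
    else { "${hive}: FINDING (no Everyone / Fail / Full Control entry for key and subkeys)" }
}

# System-level part of the check (Object Access - Registry must audit Failure).
# Assumption: English output, where the setting column reads
# "Failure" or "Success and Failure".
$policy = auditpol /get /subcategory:"Registry" | Out-String
if ($policy -notmatch 'Registry\s+.*Failure') {
    'Object Access - Registry: FINDING (Failure is not audited)'
}
```

The function reports compliance only when a single audit entry carries all four settings; a SACL that splits Full Control across several entries needs manual review.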