Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Registry key auditing configuration does not meet minimum requirements.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-1088 | 3.010 | SV-25135r2_rule | ECAR-3 | Medium |
| Description |
|---|
| Improper modification of the Registry can render a system useless. Modifications to the Registry can have a significant impact on the security configuration of the system. Auditing of significant modifications made to the Registry provides a method of determining the responsible party. |
| STIG | Date |
|---|---|
| Windows 7 Security Technical Implementation Guide | 2012-08-22 |
Details
| Check Text ( C-32851r2_chk ) |
|---|
| Verify system level auditing of object access is properly configured (see V-26545 “Object Access - Registry”). If this is not configured to audit “Failure”, this requirement is a finding. Verify detailed registry auditing is configured. Run “Regedit”. Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE and HKEY_LOCAL_MACHINE\SYSTEM keys. On the menu bar, select “Edit” then “Permissions”. Click on the “Advanced” button. Select the “Auditing” tab. Verify the following is configured: Type – Fail Name – Everyone Access – Full Control Apply to – This key and subkeys If the “Everyone” group, at a minimum is not being audited for all failures, this is a finding. |
| Fix Text (F-28953r1_fix) |
|---|
| Configure the HKEY_LOCAL_MACHINE\SOFTWARE and HKEY_LOCAL_MACHINE\SYSTEM keys to audit the Everyone Group for all failures. Audit settings should be propagated to subkeys. |