UCF STIG Viewer Logo

Audit policy using subcategories is enabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-14230 3.125 SV-25029r1_rule Medium
Description
This policy setting allows administrators to enable the more precise auditing capabilities present in Windows Vista and later.
STIG Date
Windows 7 Security Technical Implementation Guide 2018-02-12

Details

Check Text ( C-11575r1_chk )
Analyze the system using the Security Configuration and Analysis snap-in.
Expand the Security Configuration and Analysis tree view.
Navigate to Local Policies -> Security Options.

If the value for “Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings” is not set to “Enabled”, then this is a finding.

The policy referenced configures the following registry value:

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \System\CurrentControlSet\Control\Lsa\

Value Name: SCENoApplyLegacyAuditPolicy

Value Type: REG_DWORD
Value: 1
Fix Text (F-13554r1_fix)
Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> “Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings” to “Enabled”.