UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

File auditing configuration must meet minimum requirements.


Overview

Finding ID Version Rule ID IA Controls Severity
WN08-GE-000004 WN08-GE-000004 WN08-GE-000004_rule Medium
Description
Improper modification of the core system files can render a system inoperable. Further, modifications to these system files can have a significant impact on the security configuration of the system. Auditing of significant modifications made to the system files provides a method of determining the responsible party.
STIG Date
Windows 8 Security Technical Implementation Guide 2012-11-21

Details

Check Text ( C-WN08-GE-000004_chk )
If system-level auditing is not enabled, or if the system and data partitions are not installed on NTFS partitions, then mark this as a finding.

Open File Explorer and use the file and folder properties function to verify that the audit settings on each partition/drive are configured to audit all "Failures" for the "Everyone" group.

If any partition/drive is not configured to at least the minimum requirement, this is a finding.
Fix Text (F-WN08-GE-000004_fix)
Configure auditing on each partition/drive to audit all "Failures" for the "Everyone" group.