UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

File auditing configuration will meet minimum requirements.


Overview

Finding ID Version Rule ID IA Controls Severity
V-1080 2.007 SV-32247r1_rule ECAR-1 ECAR-2 ECAR-3 Medium
Description
Improper modification of the core system files can render a system inoperable. Further, modifications to these system files can have a significant impact on the security configuration of the system. Auditing of significant modifications made to the system files provides a method of determining the responsible party.
STIG Date
Windows Server 2008 R2 Member Server Security Technical Implementation Guide 2012-07-02

Details

Check Text ( C-23r1_chk )
If system-level auditing is not enabled, or if the system and data partitions are not installed on NTFS partitions, then mark this as a finding.

Open Windows Explorer and use the file and folder properties function to verify that the audit settings on each partition/drive is configured to audit all "failures" for the "Everyone" group.

If any partition/drive is not configured to at least the minimum requirement, then this is a finding.
Fix Text (F-52r1_fix)
Configure auditing on each partition/drive to audit all "Failures" for the "Everyone" group.