Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-1080 | 2.007 | SV-32247r1_rule | ECAR-1 ECAR-2 ECAR-3 | Medium |
Description |
---|
Improper modification of the core system files can render a system inoperable. Further, modifications to these system files can have a significant impact on the security configuration of the system. Auditing of significant modifications made to the system files provides a method of determining the responsible party. |
STIG | Date |
---|---|
Windows Server 2008 R2 Member Server Security Technical Implementation Guide | 2012-07-02 |
Check Text ( C-23r1_chk ) |
---|
If system-level auditing is not enabled, or if the system and data partitions are not installed on NTFS partitions, then mark this as a finding. Open Windows Explorer and use the file and folder properties function to verify that the audit settings on each partition/drive is configured to audit all "failures" for the "Everyone" group. If any partition/drive is not configured to at least the minimum requirement, then this is a finding. |
Fix Text (F-52r1_fix) |
---|
Configure auditing on each partition/drive to audit all "Failures" for the "Everyone" group. |