SRG-OS-000037-GPOS-00015 Controls

STIG IDVersionTitleProduct
ALMA-09-047100V1R2The audit package must be installed on AlmaLinux OS 9.
ALMA-09-047540V1R2AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/lastlog.
ALMA-09-047650V1R2AlmaLinux OS 9 must generate audit records for any use of the "mount" command.
ALMA-09-047760V1R2AlmaLinux OS 9 must generate audit records for any use of the "umount" command.
ALMA-09-047870V1R2Successful/unsuccessful uses of the umount2 system call in AlmaLinux OS 9 must generate an audit record.
ALMA-09-047980V1R2AlmaLinux OS 9 must enable auditing of processes that start prior to the audit daemon.
ALMA-09-048090V1R2AlmaLinux OS 9 must audit all uses of the truncate, ftruncate, creat, open, openat, and open_by_handle_at system calls.
ALMA-09-048200V1R2AlmaLinux OS 9 must generate audit records for any use of the "chacl" command.
ALMA-09-048310V1R2AlmaLinux OS 9 must generate audit records for any use of the "chage" command.
ALMA-09-048420V1R2AlmaLinux OS 9 must generate audit records for any use of the "chcon" command.
ALMA-09-048530V1R2AlmaLinux OS 9 must audit all uses of the chmod, fchmod, and fchmodat system calls.
ALMA-09-048640V1R2AlmaLinux OS 9 must audit all uses of the chown, fchown, fchownat, and lchown system calls.
ALMA-09-048750V1R2AlmaLinux OS 9 must generate audit records for any use of the "chsh" command.
ALMA-09-048860V1R2AlmaLinux OS 9 must generate audit records for any use of the "crontab" command.
ALMA-09-048970V1R2AlmaLinux OS 9 must audit all uses of the rename, unlink, rmdir, renameat, and unlinkat system calls.
ALMA-09-049190V1R2AlmaLinux OS 9 must generate audit records for any use of the "gpasswd" command.
ALMA-09-049300V1R2AlmaLinux OS 9 must audit all uses of the kmod command.
ALMA-09-049410V1R2AlmaLinux OS 9 must generate audit records for any use of the "newgrp" command.
ALMA-09-049520V1R2AlmaLinux OS 9 must generate audit records for any use of the "passwd" command.
ALMA-09-049630V1R2AlmaLinux OS 9 must generate audit records for any use of the "postdrop" command.
ALMA-09-049740V1R2AlmaLinux OS 9 must generate audit records for any use of the "postqueue" command.
ALMA-09-049850V1R2AlmaLinux OS 9 must generate audit records for any use of the "su" command.
ALMA-09-049960V1R2AlmaLinux OS 9 must generate audit records for any use of the "sudo" command.
ALMA-09-050070V1R2AlmaLinux OS 9 must generate audit records for any use of the "semanage" command.
ALMA-09-050180V1R2AlmaLinux OS 9 must generate audit records for any use of the "setfacl" command.
ALMA-09-050290V1R2AlmaLinux OS 9 must generate audit records for any use of the "setfiles" command.
ALMA-09-050400V1R2AlmaLinux OS 9 must generate audit records for any use of the "setsebool" command.
ALMA-09-050510V1R2AlmaLinux OS 9 must generate audit records for any use of the "ssh-agent" command.
ALMA-09-050620V1R2AlmaLinux OS 9 must generate audit records for any use of the "ssh-keysign" command.
ALMA-09-050730V1R2AlmaLinux OS 9 must generate audit records for any use of the "sudoedit" command.
ALMA-09-050840V1R2AlmaLinux OS 9 must generate audit records for any use of the "pam_timestamp_check" command.
ALMA-09-050950V1R2AlmaLinux OS 9 must generate audit records for any use of the "unix_chkpwd" command.
ALMA-09-051060V1R2AlmaLinux OS 9 must generate audit records for any use of the "unix_update" command.
ALMA-09-051170V1R2AlmaLinux OS 9 must generate audit records for any use of the "userhelper" command.
ALMA-09-051280V1R2AlmaLinux OS 9 must generate audit records for any use of the "usermod" command.
ALMA-09-051390V1R2AlmaLinux OS 9 must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.
APPL-14-001003V2R3The macOS system must enable security auditing.
APPL-15-001003V1R3The macOS system must enable security auditing.
OL07-00-030680V3R2The Oracle Linux operating system must audit all uses of the su command.
OL07-00-030690V3R2The Oracle Linux operating system must audit all uses of the sudo command.
OL07-00-030700V3R2The Oracle Linux operating system must audit all uses of the sudoers file and all files in the /etc/sudoers.d/ directory.
OL07-00-030710V3R2The Oracle Linux operating system must audit all uses of the newgrp command.
OL07-00-030720V3R2The Oracle Linux operating system must audit all uses of the chsh command.
OL08-00-030180V2R4The OL 8 audit package must be installed.
OL08-00-030181V2R4OL 8 audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.
OL08-00-030190V2R4OL 8 must generate audit records for any use of the "su" command.
OL08-00-030200V2R4The OL 8 audit system must be configured to audit any use of the "setxattr", "fsetxattr", "lsetxattr", "removexattr", "fremovexattr", and "lremovexattr" system calls.
OL08-00-030250V2R4OL 8 must generate audit records for any use of the "chage" command.
OL08-00-030260V2R4OL 8 must generate audit records for any uses of the "chcon" command.
OL08-00-030280V2R4OL 8 must generate audit records for any use of the "ssh-agent" command.
OL08-00-030290V2R4OL 8 must generate audit records for any use of the "passwd" command.
OL08-00-030300V2R4OL 8 must generate audit records for any use of the "mount" command.
OL08-00-030301V2R4OL 8 must generate audit records for any use of the "umount" command.
OL08-00-030302V2R4OL 8 must generate audit records for any use of the "mount" syscall.
OL08-00-030310V2R4OL 8 must generate audit records for any use of the "unix_update" command.
OL08-00-030311V2R4OL 8 must generate audit records for any use of the "postdrop" command.
OL08-00-030312V2R4OL 8 must generate audit records for any use of the "postqueue" command.
OL08-00-030316V2R4OL 8 must generate audit records for any use of the "setsebool" command.
OL08-00-030317V2R4OL 8 must generate audit records for any use of the "unix_chkpwd" command.
OL08-00-030320V2R4OL 8 must generate audit records for any use of the "ssh-keysign" command.
OL08-00-030330V2R4OL 8 must generate audit records for any use of the "setfacl" command.
OL08-00-030340V2R4OL 8 must generate audit records for any use of the "pam_timestamp_check" command.
OL08-00-030350V2R4OL 8 must generate audit records for any use of the "newgrp" command.
OL08-00-030360V2R4OL 8 must generate audit records for any use of the "init_module" and "finit_module" system calls.
OL08-00-030361V2R4OL 8 must generate audit records for any use of the "rename", "unlink", "rmdir", "renameat", and "unlinkat" system calls.
OL08-00-030370V2R4OL 8 must generate audit records for any use of the "gpasswd" command.
OL08-00-030390V2R4OL 8 must generate audit records for any use of the delete_module syscall.
OL08-00-030400V2R4OL 8 must generate audit records for any use of the "crontab" command.
OL08-00-030410V2R4OL 8 must generate audit records for any use of the "chsh" command.
OL08-00-030420V2R4OL 8 must generate audit records for any use of the "truncate", "ftruncate", "creat", "open", "openat", and "open_by_handle_at" system calls.
OL08-00-030480V2R4OL 8 must generate audit records for any use of the "chown", "fchown", "fchownat", and "lchown" system calls.
OL08-00-030490V2R4OL 8 must generate audit records for any use of the "chmod", "fchmod", and "fchmodat" system calls.
OL08-00-030550V2R4OL 8 must generate audit records for any use of the "sudo" command.
OL08-00-030560V2R4OL 8 must generate audit records for any use of the "usermod" command.
OL08-00-030570V2R4OL 8 must generate audit records for any use of the "chacl" command.
OL08-00-030580V2R4OL 8 must generate audit records for any use of the "kmod" command.
OL08-00-030590V2R4OL 8 must generate audit records for any attempted modifications to the "faillock" log file.
OL08-00-030600V2R4OL 8 must generate audit records for any attempted modifications to the "lastlog" file.
OL08-00-030601V2R4OL 8 must enable auditing of processes that start prior to the audit daemon.
OL08-00-030602V2R4OL 8 must allocate an "audit_backlog_limit" of sufficient size to capture processes that start prior to the audit daemon.
OL09-00-000535V1R1OL 9 must audit all uses of the unix_update command.
OL09-00-000540V1R1OL 9 must audit all uses of the su command.
OL09-00-000545V1R1OL 9 must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.
OL09-00-000550V1R1OL 9 must audit all uses of the chage command.
OL09-00-000555V1R1OL 9 must audit all uses of the chcon command.
OL09-00-000560V1R1OL 9 must audit all uses of the setfacl command.
OL09-00-000565V1R1OL 9 must audit all uses of the chsh command.
OL09-00-000570V1R1OL 9 must audit all uses of the crontab command.
OL09-00-000575V1R1OL 9 must audit all uses of the gpasswd command.
OL09-00-000580V1R1OL 9 must audit all uses of the newgrp command.
OL09-00-000585V1R1OL 9 must audit all uses of the pam_timestamp_check command.
OL09-00-000590V1R1OL 9 must audit all uses of the passwd command.
OL09-00-000595V1R1OL 9 must audit all uses of the postdrop command.
OL09-00-000600V1R1OL 9 must audit all uses of the postqueue command.
OL09-00-000605V1R1OL 9 must audit all uses of the ssh-agent command.
OL09-00-000610V1R1OL 9 must audit all uses of the ssh-keysign command.
OL09-00-000615V1R1OL 9 must audit all uses of the sudoedit command.
OL09-00-000620V1R1OL 9 must audit all uses of the unix_chkpwd command.
OL09-00-000625V1R1OL 9 must audit all uses of the userhelper command.
OL09-00-000630V1R1OL 9 must audit all uses of the mount command.
OL09-00-000635V1R1OL 9 must audit all uses of the truncate, ftruncate, creat, open, openat, and open_by_handle_at system calls.
OL09-00-000640V1R1OL 9 must audit all uses of the chmod, fchmod, and fchmodat system calls.
OL09-00-000645V1R1OL 9 must audit all uses of the chown, fchown, fchownat, and lchown system calls.
OL09-00-000650V1R1OL 9 must audit all uses of the semanage command.
OL09-00-000655V1R1OL 9 must audit all uses of the setfiles command.
OL09-00-000660V1R1OL 9 must audit all uses of the setsebool command.
OL09-00-000665V1R1OL 9 must audit all uses of the chacl command.
OL09-00-000670V1R1OL 9 must audit all uses of the sudo command.
OL09-00-000675V1R1OL 9 must audit all uses of the usermod command.
OL09-00-000680V1R1OL 9 must audit all uses of the rename, unlink, rmdir, renameat, and unlinkat system calls.
OL09-00-000685V1R1OL 9 must audit all uses of the delete_module system call.
OL09-00-000690V1R1OL 9 must audit all uses of the init_module and finit_module system calls.
OL09-00-000695V1R1OL 9 must audit all uses of the kmod command.
OL09-00-000700V1R1OL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/lastlog.
OL09-00-000705V1R1OL 9 must audit all uses of umount system calls.
OL09-00-000750V1R1OL 9 must enable auditing of processes that start prior to the audit daemon.
OL09-00-000840V1R1OL 9 must be configured so that successful/unsuccessful uses of the umount system call generate an audit record.
OL09-00-000845V1R1OL 9 must be configured so that successful/unsuccessful uses of the umount2 system call generate an audit record.
RHEL-07-030680V3R9The Red Hat Enterprise Linux operating system must audit all uses of the su command.
RHEL-07-030690V3R9The Red Hat Enterprise Linux operating system must audit all uses of the sudo command.
RHEL-07-030700V3R9The Red Hat Enterprise Linux operating system must audit all uses of the sudoers file and all files in the /etc/sudoers.d/ directory.
RHEL-07-030710V3R9The Red Hat Enterprise Linux operating system must audit all uses of the newgrp command.
RHEL-07-030720V3R9The Red Hat Enterprise Linux operating system must audit all uses of the chsh command.
RHEL-09-212055V2R4RHEL 9 must enable auditing of processes that start prior to the audit daemon.
RHEL-09-654015V2R4RHEL 9 must audit all uses of the chmod, fchmod, and fchmodat system calls.
RHEL-09-654020V2R4RHEL 9 must audit all uses of the chown, fchown, fchownat, and lchown system calls.
RHEL-09-654025V2R4RHEL 9 must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.
RHEL-09-654030V2R4RHEL 9 must audit all uses of umount system calls.
RHEL-09-654035V2R4RHEL 9 must audit all uses of the chacl command.
RHEL-09-654040V2R4RHEL 9 must audit all uses of the setfacl command.
RHEL-09-654045V2R4RHEL 9 must audit all uses of the chcon command.
RHEL-09-654050V2R4RHEL 9 must audit all uses of the semanage command.
RHEL-09-654055V2R4RHEL 9 must audit all uses of the setfiles command.
RHEL-09-654060V2R4RHEL 9 must audit all uses of the setsebool command.
RHEL-09-654065V2R4RHEL 9 must audit all uses of the rename, unlink, rmdir, renameat, and unlinkat system calls.
RHEL-09-654070V2R4RHEL 9 must audit all uses of the truncate, ftruncate, creat, open, openat, and open_by_handle_at system calls.
RHEL-09-654075V2R4RHEL 9 must audit all uses of the delete_module system call.
RHEL-09-654080V2R4RHEL 9 must audit all uses of the init_module and finit_module system calls.
RHEL-09-654085V2R4RHEL 9 must audit all uses of the chage command.
RHEL-09-654090V2R4RHEL 9 must audit all uses of the chsh command.
RHEL-09-654095V2R4RHEL 9 must audit all uses of the crontab command.
RHEL-09-654100V2R4RHEL 9 must audit all uses of the gpasswd command.
RHEL-09-654105V2R4RHEL 9 must audit all uses of the kmod command.
RHEL-09-654110V2R4RHEL 9 must audit all uses of the newgrp command.
RHEL-09-654115V2R4RHEL 9 must audit all uses of the pam_timestamp_check command.
RHEL-09-654120V2R4RHEL 9 must audit all uses of the passwd command.
RHEL-09-654125V2R4RHEL 9 must audit all uses of the postdrop command.
RHEL-09-654130V2R4RHEL 9 must audit all uses of the postqueue command.
RHEL-09-654135V2R4RHEL 9 must audit all uses of the ssh-agent command.
RHEL-09-654140V2R4RHEL 9 must audit all uses of the ssh-keysign command.
RHEL-09-654145V2R4RHEL 9 must audit all uses of the su command.
RHEL-09-654150V2R4RHEL 9 must audit all uses of the sudo command.
RHEL-09-654155V2R4RHEL 9 must audit all uses of the sudoedit command.
RHEL-09-654160V2R4RHEL 9 must audit all uses of the unix_chkpwd command.
RHEL-09-654165V2R4RHEL 9 must audit all uses of the unix_update command.
RHEL-09-654170V2R4RHEL 9 must audit all uses of the userhelper command.
RHEL-09-654175V2R4RHEL 9 must audit all uses of the usermod command.
RHEL-09-654180V2R4RHEL 9 must audit all uses of the mount command.
RHEL-09-654205V2R4Successful/unsuccessful uses of the umount system call in RHEL 9 must generate an audit record.
RHEL-09-654210V2R4Successful/unsuccessful uses of the umount2 system call in RHEL 9 must generate an audit record.
RHEL-09-654255V2R4RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/lastlog.
SLES-12-020010V3R2SUSE operating system audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.
SLES-12-020250V3R2The SUSE operating system must generate audit records for all uses of the su command.
SLES-12-020260V3R2The SUSE operating system must generate audit records for all uses of the sudo command.
SLES-12-020280V3R2The SUSE operating system must generate audit records for all uses of the chfn command.
SLES-12-020290V3R2The SUSE operating system must generate audit records for all uses of the mount command.
SLES-12-020300V3R2The SUSE operating system must generate audit records for all uses of the umount command.
SLES-12-020310V3R2The SUSE operating system must generate audit records for all uses of the ssh-agent command.
SLES-12-020320V3R2The SUSE operating system must generate audit records for all uses of the ssh-keysign command.
SLES-12-020360V3R2The SUSE operating system must generate audit records for all uses of the kmod command.
SLES-12-020370V3R2The SUSE operating system must generate audit records for all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr syscalls.
SLES-12-020420V3R2The SUSE operating system must generate audit records for all uses of the chown, fchown, fchownat, and lchown syscalls.
SLES-12-020460V3R2The SUSE operating system must generate audit records for all uses of the chmod, fchmod, and fchmodat system calls.
SLES-12-020490V3R2The SUSE operating system must generate audit records for all uses of the creat, open, openat, open_by_handle_at, truncate, and ftruncate syscalls.
SLES-12-020550V3R2The SUSE operating system must generate audit records for all uses of the passwd command.
SLES-12-020560V3R2The SUSE operating system must generate audit records for all uses of the gpasswd command.
SLES-12-020570V3R2The SUSE operating system must generate audit records for all uses of the newgrp command.
SLES-12-020580V3R2The SUSE operating system must generate audit records for a uses of the chsh command.
SLES-12-020600V3R2The SUSE operating system must generate audit records for all uses of the chmod command.
SLES-12-020610V3R2The SUSE operating system must generate audit records for all uses of the setfacl command.
SLES-12-020620V3R2The SUSE operating system must generate audit records for all uses of the chacl command.
SLES-12-020630V3R2Successful/unsuccessful attempts to modify categories of information (e.g., classification levels) must generate audit records.
SLES-12-020640V3R2The SUSE operating system must generate audit records for all uses of the rm command.
SLES-12-020650V3R2The SUSE operating system must generate audit records for all modifications to the tallylog file must generate an audit record.
SLES-12-020660V3R2The SUSE operating system must generate audit records for all modifications to the lastlog file.
SLES-12-020670V3R2The SUSE operating system must generate audit records for all uses of the passmass command.
SLES-12-020680V3R2The SUSE operating system must generate audit records for all uses of the unix_chkpwd command.
SLES-12-020690V3R2The SUSE operating system must generate audit records for all uses of the chage command.
SLES-12-020700V3R2The SUSE operating system must generate audit records for all uses of the usermod command.
SLES-12-020710V3R2The SUSE operating system must generate audit records for all uses of the crontab command.
SLES-12-020720V3R2The SUSE operating system must generate audit records for all uses of the pam_timestamp_check command.
SLES-12-020730V3R2The SUSE operating system must generate audit records for all uses of the delete_module command.
SLES-12-020740V3R2The SUSE operating system must generate audit records for all uses of the init_module and finit_module syscalls.
SLES-12-020760V3R2The SUSE operating system must generate audit records for all modifications to the faillog file.
SLES-12-020411V3R2The SUSE operating system must generate audit records for all uses of the unlink, unlinkat, rename, renameat and rmdir syscalls.
SLES-15-030050V2R4SUSE operating system audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.
SLES-15-030060V2R4The SUSE operating system must generate audit records for all uses of the ssh-keysign command.
SLES-15-030070V2R4The SUSE operating system must generate audit records for all uses of the passwd command.
SLES-15-030080V2R4The SUSE operating system must generate audit records for all uses of the gpasswd command.
SLES-15-030090V2R4The SUSE operating system must generate audit records for all uses of the newgrp command.
SLES-15-030100V2R4The SUSE operating system must generate audit records for a uses of the chsh command.
SLES-15-030110V2R4The SUSE operating system must generate audit records for all uses of the unix_chkpwd or unix2_chkpwd commands.
SLES-15-030120V2R4The SUSE operating system must generate audit records for all uses of the chage command.
SLES-15-030130V2R4The SUSE operating system must generate audit records for all uses of the crontab command.
SLES-15-030140V2R4The SUSE operating system must audit all uses of the sudoers file and all files in the /etc/sudoers.d/ directory.
SLES-15-030150V2R4The SUSE operating system must generate audit records for all uses of the creat, open, openat, open_by_handle_at, truncate, and ftruncate system calls.
SLES-15-030190V2R4The SUSE operating system must generate audit records for all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.
SLES-15-030250V2R4The SUSE operating system must generate audit records for all uses of the chown, fchown, fchownat, and lchown system calls.
SLES-15-030290V2R4The SUSE operating system must generate audit records for all uses of the chmod, fchmod, and fchmodat system calls.
SLES-15-030330V2R4The SUSE operating system must generate audit records for all uses of the sudoedit command.
SLES-15-030340V2R4The SUSE operating system must generate audit records for all uses of the chfn command.
SLES-15-030350V2R4The SUSE operating system must generate audit records for all uses of the mount system call.
SLES-15-030360V2R4The SUSE operating system must generate audit records for all uses of the umount system call.
SLES-15-030370V2R4The SUSE operating system must generate audit records for all uses of the ssh-agent command.
SLES-15-030380V2R4The SUSE operating system must generate audit records for all uses of the insmod command.
SLES-15-030390V2R4The SUSE operating system must generate audit records for all uses of the rmmod command.
SLES-15-030400V2R4The SUSE operating system must generate audit records for all uses of the modprobe command.
SLES-15-030410V2R4The SUSE operating system must generate audit records for all uses of the kmod command.
SLES-15-030420V2R4The SUSE operating system must generate audit records for all uses of the chmod command.
SLES-15-030430V2R4The SUSE operating system must generate audit records for all uses of the setfacl command.
SLES-15-030440V2R4The SUSE operating system must generate audit records for all uses of the chacl command.
SLES-15-030450V2R4The SUSE operating system must generate audit records for all uses of the chcon command.
SLES-15-030460V2R4The SUSE operating system must generate audit records for all uses of the rm command.
SLES-15-030470V2R4The SUSE operating system must generate audit records for all modifications to the tallylog file must generate an audit record.
SLES-15-030480V2R4The SUSE operating system must generate audit records for all modifications to the lastlog file.
SLES-15-030490V2R4The SUSE operating system must generate audit records for all uses of the passmass command.
SLES-15-030500V2R4The SUSE operating system must generate audit records for all uses of the usermod command.
SLES-15-030510V2R4The SUSE operating system must generate audit records for all uses of the pam_timestamp_check command.
SLES-15-030520V2R4The SUSE operating system must generate audit records for all uses of the delete_module system call.
SLES-15-030530V2R4The SUSE operating system must generate audit records for all uses of the init_module and finit_module system calls.
SLES-15-030550V2R4The SUSE operating system must generate audit records for all uses of the su command.
SLES-15-030560V2R4The SUSE operating system must generate audit records for all uses of the sudo command.
UBTU-22-653010V2R4Ubuntu 22.04 LTS must have the "auditd" package installed.
UBTU-22-653015V2R4Ubuntu 22.04 LTS must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions in near real time.
WN10-AU-000555V3R4Windows 10 must be configured to audit Other Policy Change Events Failures.
WN10-AU-000560V3R4Windows 10 must be configured to audit other Logon/Logoff Events Successes.
WN10-AU-000565V3R4Windows 10 must be configured to audit other Logon/Logoff Events Failures.
WN10-AU-000570V3R4Windows 10 must be configured to audit Detailed File Share Failures.
WN10-AU-000575V3R4Windows 10 must be configured to audit MPSSVC Rule-Level Policy Change Successes.
WN10-AU-000580V3R4Windows 10 must be configured to audit MPSSVC Rule-Level Policy Change Failures.
WN10-AU-000585V3R4Windows 10 must have command line process auditing events enabled for failures.
WN11-AU-000550V2R3Windows 11 must be configured to audit Other Policy Change Events Successes.
WN11-AU-000555V2R3Windows 11 must be configured to audit Other Policy Change Events Failures.
WN11-AU-000560V2R3Windows 11 must be configured to audit other Logon/Logoff Events Successes.
WN11-AU-000565V2R3Windows 11 must be configured to audit other Logon/Logoff Events Failures.
WN11-AU-000570V2R3Windows 11 must be configured to audit Detailed File Share Failures.
WN11-AU-000575V2R3Windows 11 must be configured to audit MPSSVC Rule-Level Policy Change Successes.
WN11-AU-000580V2R3Windows 11 must be configured to audit MPSSVC Rule-Level Policy Change Failures.
WN11-AU-000585V2R3Windows 11 must have command line process auditing events enabled for failures.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.