Title

The file system must be audited for failed access attempts. (Cat II impact)

Discussion

Improper modification of system files can have a significant impact on the security configuration of a system as well as potentially rendering a system inoperable. Failed access attempts may indicate an attack on a system. Auditing for failed access attempts provides an indicator of such attempts and a method of determining responsible parties.

Check Content

Fix Text

Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Advanced Audit Policy Configuration -> System Audit Policies -> Global Object Access Auditing -> "File system" to audit the "Everyone" group for all "Failed" categories.

Additional Identifiers

Rule ID: SV-32247r2_rule

Vulnerability ID: V-1080

Group Title: File Auditing Configuration

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.