CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

17.7.5 (L1) Ensure 'Audit Other Policy Change Events' is set to include 'Failure' (Scored)

ProfileApplicability:

 Level 1 (L1) - Corporate/Enterprise Environment (general use)

Description:

This subcategory contains events about EFS Data Recovery Agent policy changes, changes in Windows Filtering Platform filter, status on Security policy settings updates for local Group Policy settings, Central Access Policy changes, and detailed troubleshooting events for Cryptographic Next Generation (CNG) operations.  5063: A cryptographic provider operation was attempted.  5064: A cryptographic context operation was attempted.  5065: A cryptographic context modification was attempted.  5066: A cryptographic function operation was attempted.  5067: A cryptographic function modification was attempted.  5068: A cryptographic function provider operation was attempted.  5069: A cryptographic function property operation was attempted.  5070: A cryptographic function property modification was attempted.  6145: One or more errors occurred while processing security policy in the group policy objects.

The recommended state for this setting is to include: Failure .

Rationale:

This setting can help detect errors in applied Security settings which came fromGroup Policy, and failure events related to Cryptographic Next Generation (CNG) functions.

Audit:

Navigate to the UI Path articulated in the Remediation section and confirm it is set as prescribed.

484 | P a g e