CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

17.9.2 (L1) Ensure 'Audit Other SystemEvents' is set to 'Success and Failure' (Scored)

ProfileApplicability:

 Level 1 (L1) - Corporate/Enterprise Environment (general use)

Description:

This subcategory reports on other system events. Events for this subcategory include:

 5024 : The Windows Firewall Service has started successfully.  5025 : The Windows Firewall Service has been stopped.  5027 : The Windows Firewall Service was unable to retrieve the security policy from the local storage. The service will continue enforcing the current policy.  5028 : The Windows Firewall Service was unable to parse the new security policy. The service will continue with currently enforced policy.  5029: The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy.  5030: The Windows Firewall Service failed to start.  5032: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.  5033 : The Windows Firewall Driver has started successfully.  5034 : The Windows Firewall Driver has been stopped.  5035 : The Windows Firewall Driver failed to start.  5037 : The Windows Firewall Driver detected critical runtime error. Terminating.  5058: Key file operation.  5059: Key migration operation.

The recommended state for this setting is: Success and Failure .

Rationale:

Capturing these audit events may be useful for identifying when the Windows Firewall is not performing as expected.

Audit:

Navigate to the UI Path articulated in the Remediation section and confirm it is set as prescribed.

492 | P a g e

Made with FlippingBook - Online magazine maker