CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark
17.9.2 (L1) Ensure 'Audit Other System Events' is set to 'Success and Failure' (Scored)
Profile Applicability:
Level 1 (L1) - Corporate/Enterprise Environment (general use)
Description:
This subcategory reports on other system events. Events for this subcategory include:
5024: The Windows Firewall Service has started successfully.
5025: The Windows Firewall Service has been stopped.
5027: The Windows Firewall Service was unable to retrieve the security policy from the local storage. The service will continue enforcing the current policy.
5028: The Windows Firewall Service was unable to parse the new security policy. The service will continue with currently enforced policy.
5029: The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy.
5030: The Windows Firewall Service failed to start.
5032: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.
5033: The Windows Firewall Driver has started successfully.
5034: The Windows Firewall Driver has been stopped.
5035: The Windows Firewall Driver failed to start.
5037: The Windows Firewall Driver detected critical runtime error. Terminating.
5058: Key file operation.
5059: Key migration operation.
The recommended state for this setting is: Success and Failure.
Rationale:
Capturing these audit events may be useful for identifying when the Windows Firewall is not performing as expected.
Audit:
Navigate to the UI Path articulated in the Remediation section and confirm it is set as prescribed.
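The effective setting can also be confirmed from an elevated PowerShell prompt. The following is an added example, not part of the CIS benchmark text; the function name and sample host names are hypothetical, and the comparison assumes an English-language system.

```powershell
# Added example, not part of the CIS benchmark text.
# GUID of the "Other System Events" audit subcategory. Querying by GUID keeps
# the lookup independent of the OS display language.
$OtherSystemEventsGuid = '{0CCE9214-69AE-11D9-BED3-505054503030}'

function Test-OtherSystemEventsAudit {   # hypothetical helper name
    param(
        # CSV lines in the format produced by "auditpol /get ... /r".
        # When omitted, the live policy is queried (requires elevation).
        [string[]]$CsvLines
    )
    if (-not $CsvLines) {
        $CsvLines = auditpol.exe /get /subcategory:"$OtherSystemEventsGuid" /r
        if ($LASTEXITCODE -ne 0) {
            throw "auditpol failed with exit code $LASTEXITCODE"
        }
    }

    # auditpol /r can emit blank lines; drop them before parsing the CSV.
    $rows = $CsvLines | Where-Object { $_ -and $_.Trim() } | ConvertFrom-Csv
    $row  = $rows | Where-Object { $_.'Subcategory GUID' -eq $OtherSystemEventsGuid }
    if (-not $row) {
        throw 'Other System Events subcategory not found in auditpol output'
    }

    # Assumption: setting text as displayed on an English-language system.
    [pscustomobject]@{
        Machine     = $row.'Machine Name'
        Subcategory = $row.Subcategory
        Setting     = $row.'Inclusion Setting'
        Compliant   = ($row.'Inclusion Setting' -eq 'Success and Failure')
    }
}

# Constructed sample output: WS01 meets the recommendation, WS02 audits
# Success only and therefore misses failure events such as 5030 and 5035.
$header = 'Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting'
$good = @($header, '', "WS01,System,Other System Events,$OtherSystemEventsGuid,Success and Failure,")
$bad  = @($header, '', "WS02,System,Other System Events,$OtherSystemEventsGuid,Success,")

Test-OtherSystemEventsAudit -CsvLines $good
Test-OtherSystemEventsAudit -CsvLines $bad

# Live check of the local machine (run elevated):
# Test-OtherSystemEventsAudit
```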