Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities.
Accounts with the "Manage auditing and security log" user right can manage the security log and change auditing configurations. This could be used to clear evidence of tampering.
Satisfies: SRG-OS-000057-GPOS-00027, SRG-OS-000058-GPOS-00028, SRG-OS-000059-GPOS-00029, SRG-OS-000063-GPOS-00032, SRG-OS-000337-GPOS-00129
To fix this, configure the policy value for:
Computer Configuration
|_ Windows Settings
|_ Security Settings
|_ Local Policies
|_ User Rights Assignment
|_ "Manage auditing and security log" to include only the following accounts or groups:
- Administrators
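
An added example (not part of the original page or of any vendor tooling) that checks this setting: it parses a `secedit /export` file and lists every holder of `SeSecurityPrivilege`, the privilege constant behind "Manage auditing and security log", other than Administrators. The function name `Get-SecurityPrivilegeFindings` and the sample export are constructed for illustration.

```powershell
# S-1-5-32-544 is the well-known SID of the built-in Administrators group,
# the only principal the policy above allows.
$AllowedSids = @('S-1-5-32-544')

function Get-SecurityPrivilegeFindings {
    param([Parameter(Mandatory)][string[]]$InfLines)

    # secedit writes one line per right: SeSecurityPrivilege = *SID,*SID,name
    $line = $InfLines | Where-Object { $_ -match '^\s*SeSecurityPrivilege\s*=' } |
        Select-Object -First 1
    if (-not $line) { return @() }   # right assigned to no one: no extra holders

    $value = ($line -split '=', 2)[1]
    $findings = foreach ($entry in ($value -split ',')) {
        $entry = $entry.Trim()
        if (-not $entry) { continue }
        if ($entry.StartsWith('*')) {
            $sid = $entry.TrimStart('*')          # entry is already a SID
        } else {
            # Entry is an account name: resolve it; unresolved names are flagged
            try {
                $sid = ([System.Security.Principal.NTAccount]$entry).Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value
            } catch { $sid = $null }
        }
        if ($AllowedSids -notcontains $sid) {
            [pscustomobject]@{ Entry = $entry; Sid = $sid }
        }
    }
    return @($findings)
}

# Constructed sample of a secedit export, not output from a real system.
$sample = @'
[Privilege Rights]
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeSecurityPrivilege = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-1105
'@ -split '\r?\n'

# Lists the one constructed domain SID that holds the right besides Administrators
Get-SecurityPrivilegeFindings -InfLines $sample | Format-Table -AutoSize

# On a live Windows host (elevated prompt), export and check the current policy:
# $cfg = Join-Path $env:TEMP 'user_rights.inf'
# secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
# Get-SecurityPrivilegeFindings -InfLines (Get-Content $cfg)
```

An empty result means only Administrators holds the right; any row returned is an account or group to remove from the policy or to document as an approved exception.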
STIG: Server
2025: https://system32.eventsentry.com/stig/viewer/V-278257
2022: https://system32.eventsentry.com/stig/viewer/V-254507
2019: https://system32.eventsentry.com/stig/viewer/V-205643
2016: https://system32.eventsentry.com/stig/viewer/V-225086
Desktop
W11: https://system32.eventsentry.com/stig/viewer/V-253501
W10: https://system32.eventsentry.com/stig/viewer/V-220978
NIST 800-53 : AU-9, AU-12, AC-3, AC-6, CM-6
NIST 800-171: 3.3.8, 3.3.9, 3.1.1, 3.1.2, 3.4.6
CMMC v2.0 L2: AU.L2-3.3.8, AU.L2-3.3.9, AC.L2-3.1.1, AC.L2-3.1.2, CM.L2-3.4.6
PCI-DSS v4.0: 2.2.1, 7.2.1, 10.3.4
HIPAA SR : §164.312(b), §164.312(c)(1)
HIPAA HICP : Practice 3 (Identity and Access Management), Practice 8 (Incident Response)