CMMC Compliance Events

Key Security Events for CMMC Compliance

Account Logon

Credential Validation

4776

The computer attempted to validate the credentials for an account

Kerberos Authentication Service

4771

Kerberos pre-authentication failed

Kerberos Service Ticket Operations

4769

A Kerberos service ticket was requested

Account Management

Security Group Management

4732

A member was added to a security-enabled local group

4728

A member was added to a security-enabled global group

User Account Management

4720

A user account was created

4722

A user account was enabled

4725

A user account was disabled

4726

A user account was deleted

4738

A user account was changed

4740

A user account was locked out

Detailed Tracking

Process Creation

4688

A new process has been created

Logon/Logoff

Logon

4624

An account was successfully logged on

Logon, Account Lockout

4625

An account failed to log on

Other Logon/Logoff Events

4778

A session was reconnected to a Window Station

4779

A session was disconnected from a Window Station

4800

The workstation was locked

4801

The workstation was unlocked

4803

The screen saver was dismissed

4802

The screen saver was invoked

Policy Change

Authentication Policy Change

4739

Domain Policy was changed

4717

System security access was granted to an account

4718

System security access was removed from an account

Authorization Policy Change

4705

A user right was removed

4704

A user right was assigned

System

Security State Change

4621

Administrator recovered system from CrashOnAuditFail.

System Integrity

4612

Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits

Are you compliant?

Check your audit settings now

Validator

CMMC

Reference Documentation

Audit Policy Requirements

Category	Subcategory	Audit Type
Policy Change	Authentication Policy Change	Success
Policy Change	Authorization Policy Change	Success
Account Logon	Credential Validation	Success, Failure
Account Logon	Kerberos Authentication Service	Failure
Account Logon	Kerberos Service Ticket Operations	Success, Failure
Logon/Logoff	Logon	Success
Logon/Logoff	Logon, Account Lockout	Failure
Logon/Logoff	Other Logon/Logoff Events	Success
Detailed Tracking	Process Creation	Success
Account Management	Security Group Management	Success
System	Security State Change	Success
System	System Integrity	Success
Account Management	User Account Management	Success