ISO 27001:2013 Compliance Events

Key Security Events for ISO 27001:2013 Compliance

Account Logon

Credential Validation

4776

The computer attempted to validate the credentials for an account

Kerberos Authentication Service

4771

Kerberos pre-authentication failed

4768

This event generates every time Key Distribution Center issues a Kerberos Ticket Granting Ticket (TGT).

Kerberos Service Ticket Operations

4769

A Kerberos service ticket was requested

Account Management

Security Group Management

4732

A member was added to a security-enabled local group

4728

A member was added to a security-enabled global group

4756

A member was added to a security-enabled universal group

User Account Management

4738

A user account was changed

4726

A user account was deleted

4725

A user account was disabled

4724

An attempt was made to reset an account's password

4722

A user account was enabled

4720

A user account was created

4740

A user account was locked out

4767

A user account was unlocked

Detailed Tracking

Process Creation

4688

A new process has been created

Logon/Logoff

Logon

4624

An account was successfully logged on

Logon, Account Lockout

4625

An account failed to log on

Other Logon/Logoff Events

4649

A replay attack was detected

4800

The workstation was locked

4801

The workstation was unlocked

4802

The screen saver was invoked

4803

The screen saver was dismissed

Policy Change

Authentication Policy Change

4739

Domain Policy was changed

4718

System security access was removed from an account

4717

System security access was granted to an account

Authorization Policy Change

4705

A user right was removed

4704

A user right was assigned

System

Other System Events

1102

The audit log was cleared

Are you compliant?

Check your audit settings now

Validator

ISO 27001:2013

Reference Documentation
Wikipedia

Audit Policy Requirements

Category	Subcategory	Audit Type
Policy Change	Authentication Policy Change	Success
Policy Change	Authorization Policy Change	Success
Account Logon	Credential Validation	Success, Failure
Account Logon	Kerberos Authentication Service	Failure
Account Logon	Kerberos Service Ticket Operations	Success, Failure
Logon/Logoff	Logon	Success
Logon/Logoff	Logon, Account Lockout	Failure
Logon/Logoff	Other Logon/Logoff Events	Success
System	Other System Events	Success
Detailed Tracking	Process Creation	Success
Account Management	Security Group Management	Success
Account Management	User Account Management	Success