NIST 800-171 Compliance Events

Key Security Events for NIST 800-171 Compliance

Account Logon

Credential Validation

4776

The computer attempted to validate the credentials for an account

Kerberos Authentication Service

4771

Kerberos pre-authentication failed

4768

This event generates every time Key Distribution Center issues a Kerberos Ticket Granting Ticket (TGT).

Kerberos Service Ticket Operations

4769

A Kerberos service ticket was requested

Account Management

Security Group Management

4732

A member was added to a security-enabled local group

4728

A member was added to a security-enabled global group

User Account Management

4726

A user account was deleted

4740

A user account was locked out

4738

A user account was changed

4725

A user account was disabled

4722

A user account was enabled

Detailed Tracking

Process Creation

4688

A new process has been created

Logon/Logoff

Other Logon/Logoff Events

4803

The screen saver was dismissed

4778

A session was reconnected to a Window Station

4779

A session was disconnected from a Window Station

4800

The workstation was locked

4801

The workstation was unlocked

4802

The screen saver was invoked

Policy Change

Authentication Policy Change

4739

Domain Policy was changed

4718

System security access was removed from an account

4717

System security access was granted to an account

Authorization Policy Change

4705

A user right was removed

4704

A user right was assigned

System

Security State Change

4621

Administrator recovered system from CrashOnAuditFail.

System Integrity

4612

Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits

Are you compliant?

Check your audit settings now

Validator

NIST 800-171

Reference Documentation
Wikipedia

Audit Policy Requirements

Category	Subcategory	Audit Type
Policy Change	Authentication Policy Change	Success
Policy Change	Authorization Policy Change	Success
Account Logon	Credential Validation	Success, Failure
Account Logon	Kerberos Authentication Service	Failure
Account Logon	Kerberos Service Ticket Operations	Success, Failure
Logon/Logoff	Other Logon/Logoff Events	Success
Detailed Tracking	Process Creation	Success
Account Management	Security Group Management	Success
System	Security State Change	Success
System	System Integrity	Success
Account Management	User Account Management	Success