Key Security Events for NIST 800-171 Compliance

Account Logon
Credential Validation
The computer attempted to validate the credentials for an account
Kerberos Authentication Service
Kerberos pre-authentication failed
This event generates every time Key Distribution Center issues a Kerberos Ticket Granting Ticket (TGT).
Kerberos Service Ticket Operations
A Kerberos service ticket was requested
Account Management
Security Group Management
A member was added to a security-enabled local group
A member was added to a security-enabled global group
User Account Management
A user account was deleted
A user account was locked out
A user account was changed
A user account was disabled
A user account was enabled
Detailed Tracking
Process Creation
A new process has been created
Other Logon/Logoff Events
The screen saver was dismissed
A session was reconnected to a Window Station
A session was disconnected from a Window Station
The workstation was locked
The workstation was unlocked
The screen saver was invoked
Policy Change
Authentication Policy Change
Domain Policy was changed
System security access was removed from an account
System security access was granted to an account
Authorization Policy Change
A user right was removed
A user right was assigned
Security State Change
Administrator recovered system from CrashOnAuditFail.
System Integrity
Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits

Are you compliant?

Check your audit settings now


Audit Policy Requirements

Category Subcategory Audit Type
Policy Change Authentication Policy Change Success
Policy Change Authorization Policy Change Success
Account Logon Credential Validation Success, Failure
Account Logon Kerberos Authentication Service Failure
Account Logon Kerberos Service Ticket Operations Success, Failure
Logon/Logoff Other Logon/Logoff Events Success
Detailed Tracking Process Creation Success
Account Management Security Group Management Success
System Security State Change Success
System System Integrity Success
Account Management User Account Management Success