Key Security Events for NIST 800-171 Compliance

Account Logon
Credential Validation
The computer attempted to validate the credentials for an account
Kerberos Authentication Service
This event generates every time Key Distribution Center issues a Kerberos Ticket Granting Ticket (TGT).
Kerberos pre-authentication failed
Kerberos Service Ticket Operations
A Kerberos service ticket was requested
Account Management
Security Group Management
A member was added to a security-enabled global group
A member was added to a security-enabled local group
User Account Management
A user account was enabled
A user account was disabled
A user account was deleted
A user account was changed
A user account was locked out
Detailed Tracking
Process Creation
A new process has been created
Other Logon/Logoff Events
A session was reconnected to a Window Station
A session was disconnected from a Window Station
The workstation was locked
The workstation was unlocked
The screen saver was invoked
The screen saver was dismissed
Policy Change
Authentication Policy Change
System security access was granted to an account
System security access was removed from an account
Domain Policy was changed
Authorization Policy Change
A user right was assigned
A user right was removed
Security State Change
Administrator recovered system from CrashOnAuditFail.
System Integrity
Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits

Don't miss these events

Check your audit settings now


Audit Policy Requirements

Category Subcategory Audit Type
Policy Change Authentication Policy Change Success
Policy Change Authorization Policy Change Success
Account Logon Credential Validation Success, Failure
Account Logon Kerberos Authentication Service Failure
Account Logon Kerberos Service Ticket Operations Success, Failure
Logon/Logoff Other Logon/Logoff Events Success
Detailed Tracking Process Creation Success
Account Management Security Group Management Success
System Security State Change Success
System System Integrity Success
Account Management User Account Management Success