Windows Security Events

ID	Event Description
4670	Permissions on an object were changed Audit Success
4703	A token right was adjusted Audit Success
4704	A user right was assigned ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, CMMC L1, CMMC L3
4705	A user right was removed ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, CMMC L1, CMMC L3
4714	Data Recovery Agent group policy for Encrypting File System (EFS) has changed
4911	Resource attributes of the object were changed Audit Success
4913	Central Access Policy on the object was changed Audit Success