| ID | Event Description |
|---|---|
| 4612 |
Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits
Audit Success, NIST 800-171, NIST SP 800-53, CMMC L3, CMMC L2
|
| 4621 |
Administrator recovered system from CrashOnAuditFail.
Audit Success, NIST SP 800-53, NIST 800-171, CMMC L2
|
| 4624 |
An account was successfully logged on
CJIS, Audit Success, ISO 27001:2013, HIPAA, NIST SP 800-53, CMMC L1, NIST 800-171
|
| 4625 |
An account failed to log on
Audit Failure, CJIS, ISO 27001:2013, PCI-DSS, HIPAA, NIST SP 800-53, NIST 800-171, CMMC L1
|
| 4688 |
A new process has been created
NIST 800-171, NIST SP 800-53, Audit Success, ISO 27001:2013, CMMC L3
|
| 4704 |
A user right was assigned
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, CMMC L1, CMMC L3
|
| 4705 |
A user right was removed
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, CMMC L1, CMMC L3
|
| 4717 |
System security access was granted to an account
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, CMMC L3
|
| 4718 |
System security access was removed from an account
ISO 27001:2013, NIST 800-171, NIST SP 800-53, CMMC L3
|
| 4720 |
A user account was created
ISO 27001:2013, NIST SP 800-53, Audit Success, PCI-DSS, NIST 800-171, CMMC L1
|
| 4722 |
A user account was enabled
ISO 27001:2013, NIST SP 800-53, NIST 800-171, Audit Success, PCI-DSS, CMMC L1
|
| 4725 |
A user account was disabled
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, PCI-DSS, CMMC L1
|
| 4726 |
A user account was deleted
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, PCI-DSS, CMMC L1
|
| 4728 |
A member was added to a security-enabled global group
Domain Controller, ISO 27001:2013, NIST 800-171, NIST SP 800-53, CMMC L1
|
| 4732 |
A member was added to a security-enabled local group
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, CMMC L1
|
| 4738 |
A user account was changed
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, CMMC L1
|
| 4739 |
Domain Policy was changed
Domain Controller, NIST 800-171, NIST SP 800-53, ISO 27001:2013, Audit Success, CMMC L3
|
| 4740 |
A user account was locked out
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, CMMC L3
|
| 4768 |
This event generates every time Key Distribution Center issues a Kerberos Ticket Granting Ticket (TGT).
Domain Controller, Audit Success, Audit Failure, CJIS, ISO 27001:2013, PCI-DSS, NIST 800-171, NIST SP 800-53
|
| 4769 |
A Kerberos service ticket was requested
Domain Controller, Audit Success, Audit Failure, CJIS, ISO 27001:2013, HIPAA, NIST 800-171, NIST SP 800-53, CMMC L1
|
| 4771 |
Kerberos pre-authentication failed
Domain Controller, Audit Failure, CJIS, ISO 27001:2013, PCI-DSS, HIPAA, NIST 800-171, NIST SP 800-53, CMMC-L2
|
| 4776 |
The computer attempted to validate the credentials for an account
Audit Failure, Audit Success, CJIS, ISO 27001:2013, PCI-DSS, HIPAA, NIST 800-171, NIST SP 800-53, CMMC L1
|
| 4778 |
A session was reconnected to a Window Station
Audit Success, NIST 800-171, NIST SP 800-53, CMMC L3
|
| 4779 |
A session was disconnected from a Window Station
Audit Success, NIST 800-171, NIST SP 800-53, CMMC L3
|
| 4800 |
The workstation was locked
Audit Success, ISO 27001:2013, NIST 800-171, NIST SP 800-53, CMMC L3
|
| 4801 |
The workstation was unlocked
ISO 27001:2013, Audit Success, NIST 800-171, NIST SP 800-53, CMMC L3
|
| 4802 |
The screen saver was invoked
ISO 27001:2013, Audit Success, NIST 800-171, NIST SP 800-53, CMMC L3
|
| 4803 |
The screen saver was dismissed
ISO 27001:2013, Audit Success, NIST 800-171, NIST SP 800-53, CMMC L3
|