Score:0

STIG validation -> group policy or user setting?

I'm trying to determine if the enforcement of a STIG rule is driven solely by group policy, or user setting, or some combination of both. By this, I mean that when a STIG rule is flagged as failing, and I correct the setting, the STIG rule still fails. For example, there is a rule in the Windows 10 STIG stipulating that the application event log must be at least # MB in size. If I modify the setting on my machine to make the size larger than that minimum, the STIG rule still fails. Does this mean that the size of the application event log must be controlled by a group policy, instead of just being updated by a user?

Score:0

That really depends on how this configuration item is being checked. It would be much easier if you provide more details on the SCAP content you are using to scan the machine. This SCAP content is usually an XML file that contains the instructions on how the scanner will actually check for something. It can be a line in a file, or a value in the registry, etc. But you have to understand what the automated content is looking for.

Score:0

This is rule "xccdf_mil.disa.stig_rule_SV-220779r569187_rule" in the U_MS_Windows_10_V2R2_STIG_SCAP_1-2_Benchmark.xml STIG file. I obtained it from the National Checklist Registry. I also believe I've found my answer. Searching for SV-220779r569187_rule on STIGHub, I see this:

FIX

If the system is configured to send audit records directly to an audit server, this is NA. This must be documented with the ISSO.

Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Event Log Service >> Application >> "Specify the maximum log file size (KB)" to "Enabled" with a "Maximum Log Size (KB)" of "32768" or greater.

So, it is policy driven, which explains why simply changing it in the event log settings (user) doesn't resolve the rule failure.
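
The thread's advice to read what the SCAP content actually checks can be automated. The following is an added example, not part of the original posts and not DISA's code: it follows an XCCDF rule to its OVAL registry test and reports the value the scanner compares. The XML is a constructed, heavily simplified stand-in for a real benchmark, the function names are hypothetical, and the `SOFTWARE\Policies\...` registry location for this policy setting is an assumption not quoted in the thread.

```python
import xml.etree.ElementTree as ET

NS = {"x": "http://checklists.nist.gov/xccdf/1.2",
      "o": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
      "w": "http://oval.mitre.org/XMLSchema/oval-definitions-5#windows"}

# Constructed, heavily simplified benchmark fragment (not copied from DISA content).
SAMPLE = r"""<bundle xmlns:x="{x}" xmlns:o="{o}" xmlns:w="{w}">
 <x:Rule id="xccdf_mil.disa.stig_rule_SV-220779r569187_rule">
  <x:check><x:check-content-ref name="oval:sample:def:1"/></x:check></x:Rule>
 <o:definition id="oval:sample:def:1">
  <o:criteria><o:criterion test_ref="oval:sample:tst:1"/></o:criteria></o:definition>
 <w:registry_test id="oval:sample:tst:1"><w:object object_ref="oval:sample:obj:1"/>
  <w:state state_ref="oval:sample:ste:1"/></w:registry_test>
 <w:registry_object id="oval:sample:obj:1"><w:hive>HKEY_LOCAL_MACHINE</w:hive>
  <w:key>SOFTWARE\Policies\Microsoft\Windows\EventLog\Application</w:key>
  <w:name>MaxSize</w:name></w:registry_object>
 <w:registry_state id="oval:sample:ste:1"><w:value datatype="int"
  operation="greater than or equal">32768</w:value></w:registry_state></bundle>""".format(**NS)

def by_id(root, prefix, local, ident):
    """Return the prefix:local element whose id attribute matches, or None."""
    tag = f"{{{NS[prefix]}}}{local}"
    return next((e for e in root.iter(tag) if e.get("id") == ident), None)

def registry_checks(xml_text, rule_id):
    """Follow Rule -> OVAL definition -> registry test and list what is compared."""
    root, found = ET.fromstring(xml_text), []
    rule = by_id(root, "x", "Rule", rule_id)
    refs = rule.iterfind("x:check/x:check-content-ref", NS) if rule is not None else []
    for ref in refs:
        definition = by_id(root, "o", "definition", ref.get("name"))
        crits = definition.iter(f"{{{NS['o']}}}criterion") if definition is not None else []
        for crit in crits:
            test = by_id(root, "w", "registry_test", crit.get("test_ref"))
            if test is None:  # not a registry check (file, WMI, ...): skip it
                continue
            obj = by_id(root, "w", "registry_object", test.find("w:object", NS).get("object_ref"))
            state = by_id(root, "w", "registry_state", test.find("w:state", NS).get("state_ref"))
            value = state.find("w:value", NS)
            hive, key, name = (obj.findtext(f"w:{t}", namespaces=NS) for t in ("hive", "key", "name"))
            found.append({"path": "\\".join((hive, key, name)),
                "operation": value.get("operation"), "expected": int(value.text),
                # Keys under \Policies\ are written by Group Policy, not the Event Viewer dialog.
                "policy_backed": "\\policies\\" in key.lower(),
            })
    return found

if __name__ == "__main__":
    print(registry_checks(SAMPLE, "xccdf_mil.disa.stig_rule_SV-220779r569187_rule"))
```

A real SCAP 1.2 data stream wraps the benchmark and OVAL documents in further container elements and may supply the expected value through a variable reference instead of a literal, so the lookups need extending before this is pointed at the downloaded file.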
