| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-220766 | CAT II | MONT-WS-92040 | Microsoft Windows 10 Security Technical ... | The system must be configured to audit Object Acce... | - | |||
Check TextSecurity Option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" must be set to "Enabled" (WN10-SO-000030) for the detailed auditing subcategories to be effective. Use the AuditPol tool to review the current Audit Policy configuration: Open a Command Prompt with elevated privileges ("Run as Administrator"). Enter "AuditPol /get /category:*" Compare the AuditPol settings with the following. If the system does not audit the following, this is a finding: Object Access >> Removable Storage - Success Some virtual machines may generate excessive audit events for access to the virtual hard disk itself when this setting is enabled. This may be set to Not Configured in such cases and would not be a finding. This must be documented with the ISSO to include mitigations such as monitoring or restricting any actual removable storage connected to the VM. Fix TextConfigure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Object Access >> "Audit Removable Storage" with "Success" selected. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 2407B24433D2B954716743C3A3B170CD2F14F60B ~~~~~ Removable Storage: Success and Failure
Source: _Reviewed/MONT-WS-92040/Checklist/MONT-WS-92040_Win10_V3R4_20251023-142421.ckl
Scan Date: 2026-01-14T12:57:26.690022
Technology Area: Windows Operating System
|
||||||||
| V-220766 | CAT II | MONT-WS-92010 | Microsoft Windows 10 Security Technical ... | The system must be configured to audit Object Acce... | - | |||
Check TextSecurity Option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" must be set to "Enabled" (WN10-SO-000030) for the detailed auditing subcategories to be effective. Use the AuditPol tool to review the current Audit Policy configuration: Open a Command Prompt with elevated privileges ("Run as Administrator"). Enter "AuditPol /get /category:*" Compare the AuditPol settings with the following. If the system does not audit the following, this is a finding: Object Access >> Removable Storage - Success Some virtual machines may generate excessive audit events for access to the virtual hard disk itself when this setting is enabled. This may be set to Not Configured in such cases and would not be a finding. This must be documented with the ISSO to include mitigations such as monitoring or restricting any actual removable storage connected to the VM. Fix TextConfigure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Object Access >> "Audit Removable Storage" with "Success" selected. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 2407B24433D2B954716743C3A3B170CD2F14F60B ~~~~~ Removable Storage: Success and Failure
Source: _Reviewed/MONT-WS-92010/Checklist/MONT-WS-92010_Win10_V3R4_20251023-141133.ckl
Scan Date: 2026-01-14T12:57:28.689048
Technology Area: Windows Operating System
|
||||||||
| V-220766 | CAT II | MONT-SW-89108 | Microsoft Windows 10 Security Technical ... | The system must be configured to audit Object Acce... | - | |||
Check TextSecurity Option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" must be set to "Enabled" (WN10-SO-000030) for the detailed auditing subcategories to be effective. Use the AuditPol tool to review the current Audit Policy configuration: Open a Command Prompt with elevated privileges ("Run as Administrator"). Enter "AuditPol /get /category:*" Compare the AuditPol settings with the following. If the system does not audit the following, this is a finding: Object Access >> Removable Storage - Success Some virtual machines may generate excessive audit events for access to the virtual hard disk itself when this setting is enabled. This may be set to Not Configured in such cases and would not be a finding. This must be documented with the ISSO to include mitigations such as monitoring or restricting any actual removable storage connected to the VM. Fix TextConfigure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Object Access >> "Audit Removable Storage" with "Success" selected. Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 2407B24433D2B954716743C3A3B170CD2F14F60B ~~~~~ Removable Storage: Success and Failure
Source: MONT-SW-89108_Win10_V3R5_20251217-203019.ckl
Scan Date: 2026-03-04T15:25:16.342077
Technology Area: Windows Operating System
|
||||||||
| V-220766 | CAT II | MONT-SW-89134 | Microsoft Windows 10 Security Technical ... | The system must be configured to audit Object Acce... | - | |||
Check TextSecurity Option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" must be set to "Enabled" (WN10-SO-000030) for the detailed auditing subcategories to be effective. Use the AuditPol tool to review the current Audit Policy configuration: Open a Command Prompt with elevated privileges ("Run as Administrator"). Enter "AuditPol /get /category:*" Compare the AuditPol settings with the following. If the system does not audit the following, this is a finding: Object Access >> Removable Storage - Success Some virtual machines may generate excessive audit events for access to the virtual hard disk itself when this setting is enabled. This may be set to Not Configured in such cases and would not be a finding. This must be documented with the ISSO to include mitigations such as monitoring or restricting any actual removable storage connected to the VM. Fix TextConfigure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Object Access >> "Audit Removable Storage" with "Success" selected. Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 2407B24433D2B954716743C3A3B170CD2F14F60B ~~~~~ Removable Storage: Success and Failure
Source: MONT-SW-89134_Win10_V3R5_20251217-201218.ckl
Scan Date: 2026-03-04T15:25:42.339596
Technology Area: Windows Operating System
|
||||||||