HIPAA Windows Audit

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: HIPAA Windows Audit

Updated: 7/12/2022

Authority: HIPAA

Plugin: Windows

Revision: 1.28

Estimated Item Count: 44

Audit Items

Description

Categories

HIPAA 164.308(a)(1)(ii)(D) - Information System Activity Review (R) 'Application Log Restrict Guest Access'

AUDIT AND ACCOUNTABILITY

HIPAA 164.308(a)(1)(ii)(D) - Information System Activity Review (R) 'Maximum Application Log Size (KB)'

AUDIT AND ACCOUNTABILITY

HIPAA 164.308(a)(1)(ii)(D) - Information System Activity Review (R) 'Maximum Security Log Size (KB)'

AUDIT AND ACCOUNTABILITY

HIPAA 164.308(a)(1)(ii)(D) - Information System Activity Review (R) 'Maximum System Log Size (KB)'

AUDIT AND ACCOUNTABILITY

HIPAA 164.308(a)(1)(ii)(D) - Information System Activity Review (R) 'Retain application log'

AUDIT AND ACCOUNTABILITY

HIPAA 164.308(a)(1)(ii)(D) - Information System Activity Review (R) 'Retain security log'

AUDIT AND ACCOUNTABILITY

HIPAA 164.308(a)(1)(ii)(D) - Information System Activity Review (R) 'Retain system log'

AUDIT AND ACCOUNTABILITY

HIPAA 164.308(a)(1)(ii)(D) - Information System Activity Review (R) 'Security Log Restrict Guest Access'

AUDIT AND ACCOUNTABILITY

HIPAA 164.308(a)(1)(ii)(D) - Information System Activity Review (R) 'System Log Restrict Guest Access'

AUDIT AND ACCOUNTABILITY

HIPAA 164.308(a)(5)(ii)(B) - Protection from Malicious Software (A) 'root\SecurityCenter'

SYSTEM AND INFORMATION INTEGRITY

HIPAA 164.308(a)(5)(ii)(B) - Protection from Malicious Software (A) 'root\SecurityCenter2'

HIPAA 164.308(a)(5)(ii)(C) - Log-in Monitoring (A) 'Application Group Management'

AUDIT AND ACCOUNTABILITY

HIPAA 164.308(a)(5)(ii)(C) - Log-in Monitoring (A) 'Audit Account Logon Events'

AUDIT AND ACCOUNTABILITY

HIPAA 164.308(a)(5)(ii)(C) - Log-in Monitoring (A) 'Audit Account Management'

AUDIT AND ACCOUNTABILITY

HIPAA 164.308(a)(5)(ii)(C) - Log-in Monitoring (A) 'Audit Logon Events'

AUDIT AND ACCOUNTABILITY

HIPAA 164.308(a)(5)(ii)(C) - Log-in Monitoring (A) 'AUDIT_ACCOUNT_LOGON'

AUDIT AND ACCOUNTABILITY

HIPAA 164.308(a)(5)(ii)(C) - Log-in Monitoring (A) 'AUDIT_ACCOUNT_MANAGER'

AUDIT AND ACCOUNTABILITY

HIPAA 164.308(a)(5)(ii)(C) - Log-in Monitoring (A) 'AUDIT_LOGON'

AUDIT AND ACCOUNTABILITY

HIPAA 164.308(a)(5)(ii)(C) - Log-in Monitoring (A) 'Computer Account Management'

AUDIT AND ACCOUNTABILITY

HIPAA 164.308(a)(5)(ii)(C) - Log-in Monitoring (A) 'Credential Validation'

AUDIT AND ACCOUNTABILITY

HIPAA 164.308(a)(5)(ii)(C) - Log-in Monitoring (A) 'Distribution Group Management'

AUDIT AND ACCOUNTABILITY

HIPAA 164.308(a)(5)(ii)(C) - Log-in Monitoring (A) 'Kerberos Authentication Service'

AUDIT AND ACCOUNTABILITY

HIPAA 164.308(a)(5)(ii)(C) - Log-in Monitoring (A) 'Kerberos Service Ticket Operations'

AUDIT AND ACCOUNTABILITY

HIPAA 164.308(a)(5)(ii)(C) - Log-in Monitoring (A) 'Logon'

AUDIT AND ACCOUNTABILITY

HIPAA 164.308(a)(5)(ii)(C) - Log-in Monitoring (A) 'Other Account Logon Events'

AUDIT AND ACCOUNTABILITY

HIPAA 164.308(a)(5)(ii)(C) - Log-in Monitoring (A) 'Other Account Management'

AUDIT AND ACCOUNTABILITY

HIPAA 164.308(a)(5)(ii)(C) - Log-in Monitoring (A) 'Security Group Management'

AUDIT AND ACCOUNTABILITY

HIPAA 164.308(a)(5)(ii)(C) - Log-in Monitoring (A) 'User Account Management'

AUDIT AND ACCOUNTABILITY

HIPAA 164.308(a)(5)(ii)(D) - Password Management (A) - Account Lockout Duration

ACCESS CONTROL

HIPAA 164.308(a)(5)(ii)(D) - Password Management (A) - Account Lockout Threshold

ACCESS CONTROL

HIPAA 164.308(a)(5)(ii)(D) - Password Management (A) - Enforce Password History

IDENTIFICATION AND AUTHENTICATION

HIPAA 164.308(a)(5)(ii)(D) - Password Management (A) - Maximum Password Age

IDENTIFICATION AND AUTHENTICATION

HIPAA 164.308(a)(5)(ii)(D) - Password Management (A) - Minimum Password Age

IDENTIFICATION AND AUTHENTICATION

HIPAA 164.308(a)(5)(ii)(D) - Password Management (A) - Minimum Password Length

IDENTIFICATION AND AUTHENTICATION

HIPAA 164.308(a)(5)(ii)(D) - Password Management (A) - Password Must Meet Complexity Requirements

IDENTIFICATION AND AUTHENTICATION

HIPAA 164.308(a)(5)(ii)(D) - Password Management (A) - Reset Account Lockout Counter After

ACCESS CONTROL

HIPAA 164.308(a)(5)(ii)(D) - Password Management (A) - Store Passwords Using Reversible Encryption

IDENTIFICATION AND AUTHENTICATION

HIPAA 164.312(a)(2)(iii) - Automatic Logoff (A): Terminate an electronic session after a predetermined time of inactivity 'AutoDisconnect'.

ACCESS CONTROL

HIPAA 164.312(a)(2)(iii) - Automatic Logoff (A): Terminate an electronic session after a predetermined time of inactivity 'FORCE_LOGOFF'

ACCESS CONTROL

HIPAA 164.312(a)(2)(iii) - Automatic Logoff (A): Terminate an electronic session after a predetermined time of inactivity 'MaxIdleTime'.

ACCESS CONTROL

HIPAA 164.312(a)(2)(iv) - Encryption and Decryption (A)

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

HIPAA 164.312(e)(1) - Transmission Security 'MSFtpsvc'

CONFIGURATION MANAGEMENT

HIPAA 164.312(e)(1) - Transmission Security 'Telnet'

CONFIGURATION MANAGEMENT

HIPAA 164.312(e)(1) - Transmission Security 'TFTPD'

CONFIGURATION MANAGEMENT