17.9.5 (L1) Ensure 'Audit System Integrity' is set to 'Success and Failure' (Automated)

This policy setting allows you to audit events that violate the integrity of the security subsystem, such as the following: Events that couldn't be written to the event log because of a problem with the auditing system. A process that uses a local procedure call (LPC) port that isn't valid in an attempt to impersonate a client by replying, reading, or writing to or from a client address space. The detection of a Remote Procedure Call (RPC) that compromises system integrity. The detection of a hash value of an executable file that isn't valid as determined by Code Integrity. Cryptographic operations that compromise system integrity.

Audit Policy CSPMicrosoftLearn

./Device/Vendor/MSFT/Policy/Config/Audit/System_AuditSystemIntegrity

Format: int Value: 3

Audit event on success and failure.

YES

Auditing

Audit System Integrity