Actually most of our auditing work in Windows has historically been done in order to meet ITSec C2, and later Common Criteria EAL4 requirements.
I just stumbled on this document, which describes the requirements and what we audit to meet the requirements.
Of course, starting in Windows Server 2003, I added the additional goal to Windows audit, to assist in operational security. This means that we will exceed Common Criteria requirements in either what is audited or what is included in any audit event, wherever we feel that additional information is needed to maintain or analyze operational security.
In practice, this is frequently an uphill battle, trying to get other groups to do work for me ("Why don't you take some time away from coding new features so that you can instrument your old stuff for audit?") [:)]
PingBack from http://winblogs.security-feed.com/2005/11/30/how-does-windows-audit-meet-common-criteria-compliance-standards/